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update T^ni 


Typing the same 
text over and over? 


Want to drive 
your Mac like a Pro? 

KeyCue 

helps you speed 
up your daily tasks 
with keyboard 
shortcuts. 


Need special characters 
in your document? 

PopChar 

inserts any special 
character into your 
document with 
just two clicks. 


Have great 
software to sell? 


Typinator 

types frequently 
used text for you 
and auto-corrects 
your typos. 


Shareware 

Publisher 

submits your software 
products to leading 
download sites. 
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* Caution; Usage of Ergonis productivity boosters will revolutionize the way you use your Mac 
and make you more productive. You will have to look for another hobby! 


















^^audiOGnginG upgrade your musk! 

Experience our award-winning sound, high-quality materials and truly useful features. 


GET'10% OFF 

plus free shipping 
when you buy online! 
Use Coupon Code 
IVlTTeN 



Audioengine 2 (A2) 

Premium Powered Desktop Speakers 



AudroengineWa (AW2) 

Premium Wireless Adapter for iPod 



Closes the gap between computer speakers and home audio 


Unwire your iPod 


'7??ese are the best speakers for your desktop, computer, or 
media player" - Connect Reviews 


"Super fast setup and the uncompressed sound is pretty 
remarkable" - Uncrate 



Premium Powered Bookshelf Speakers 




Audioengine W1 (AWT) 

Premium Wireless Audio Adapter 



High-quality audio for your Mac or PC 

“There are no other speakers in this price range that come close" 

- Mac Observer 


Send CD-quality wireless anywhere with or without a 
computer 

"High quality wireless music streaming that's quick and 
easy to use" - Register Hardware 


Works with all your gear * All cables included • 30-day audition • 3 year warranty 
Visit our website for more product info, reviews, and awards: www.audioengineusa.com 

£)2tJl 0 Audloengine l,td. iPod touch not Incfuded. iPod Is a tradeirark of Appip Inc, registered In the U.S, and other comitTries. tor iPcsi" means that ain electronic accessory hgs been designed to connect specifically to 

IPod nirtcf has been certified by the devetoper to meet Apple performance standards^, Apple is not responsii blefor the operation of this device or its compliance wlrKsafi^ty and regulatory standards. 


























Parallels' 



Our Xserve runs 
Windows Server. 

Make your Xserve go farther with 

Parallels Server®for Mac 4.0. 

Run any server software you choose. 

* Full scale hypervisor solution with bare metal architecture 


"Our district has already 
saved more than $50,000 
because Parallels Server 
for Mac eliminates the 
need for multiple servers. 
We anticipate more savings 
as well." 


Hardware-ready for seamless integration into existing IT infrastructures 
Buift'in VM management and maintenance tools 


“Richarci Bowler 
Director ot technola9v 
Hardin School District in Montana 


To learn more, visit www.parallels.com/products/server/mac today. 















II Parallels 



My Mac does do Windows. 


Introducing Parallels Desktop*6 for Mac 
with an unprecedented 80+ new features 
and enhancements including: 


• Newl Get full control of your virtual machine with our all-new 
Parallels Mobile app for iPhone/iPad 

• New! Take advantage of all of the capabilities of your 64-bit Mac 
and enjoy our fastest virtual machine performance yet 

• Enhanced! Experience brilliant graphics capabilities in Windows 
applications whether you're a gamer, architect, designer or engineer 

• New! Immerse yourself in your favorite games, music 
and videos with rich 5.1 Surround Sound 


Paj^allels Desktop* 6 for Mac 

. Simply Faster, Smarte r and More B 


Parallels „ 
Desktop 6 for 



Ull^rn more, visit wvvw.parallels.com/desktop today. 
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From the Editor ^ -- 

W r e're dotting the 'i's and crossing the Xs of all thing MacTech Conference-related. If the 
postal service is nice to us, you should be receiving this issue prior to the conference. Of 
course, we hope you're joining us, but wliether you are or not, this issue shares many 
characteristics with the way the conference has come together The common thread: the curiosity to 
dig deeper 

That curiosity should lead to ncw^ discoveries, and new ways of solving probiems. Nowhere is 
this more evident than in the origin of our cover story. Typically, [:teop]e in die system administration 
role have come to rely on third-party sofm^are to get thing.s done From die actual OS (Mac OS X 
Server, for example) to utilities to make the job easier (Passenger, Casper, Nagios and so on), sys 
admins weren't die soludon creators. That trend has thankfully been changing over time, and as a 
result, weVe seeing great solutions from sys admins turned developer For a prime example, look no 
further than Munki, by long-time MacTech author Greg Neagle (in addition to the many other hats 
he wears), 

rll let Greg's article speak for itself, hut it's an excellent example of someone that identified a 
problem and just didn’t wail for a ,SQlution to float by. Check it out in, ''Managing Software Installs 
with Munki." 

Another way you can take control, rather than to just live with die enviromneni an OS 
manufacturer gives you is to use third parr>'' apps (on again, create your own apps). This month’s 
Mac in the Shell talks about OS-wide productivity extensions that enhance the way you interact with 
the computer Namely, lessen the reliance on the mouse and keep your hands on the keyboard, jus! 
like working in a shell...Jimmmm. 

The Consultant Cowt’Kiy series for people already on their own, or looking to jump out on their 
own, is hack with some new lessons and food for thought. This month looks at the mentality 
required to handle the good times, and bad, of being your own boss. 

Another example in Ehis common thread of creation: a review of Maker Faire. Maker Faire is an 
amazing display of creativity and ingenuity in making things. Fun things, things that solve problems 
and things that teach, all created by an amazing group of ‘'Makers.” One can only create in a vacuum 
for so long. Events like Maker Faire me excellent ways of getting otit and exchanging ideas with 
other like-minded people. 

Frequent contributor Jtjse Caiz also found the dig-in' spiiii with this month's article, “Tite 
Receipts Database.” Jose asked, "how does tills work"’ repeaiedly until he understcK)d how the new 
receipts for packages are stored, Now he shares it with you - something eveiy system admin should 
understand. 

Developer to Dtneloper this montli introduces (or recaps) how^ memoiy^ is managed in 
Ohjective-C. This is such a fundamental and important topic w heii writing code, take the rime to 
really understand it. Boisy makes it easy for you, sure, bin it's incredible at how often people trip 
over this subject, 

Mike Hjbrleifsson's CoreSec article asks an important question: "Is Your Mail Really Safe?” While 
the specific example revolves around e-mail, there are broader lines drawn for other electronic 
communication and data. 

The MacTech Spotlight this month highlights Andrew Pepperell, the developer of a new 
productivity application for Mac OS X called Alfred. We're hoping to see much more from Andrew' 
and his Running With Crayons venture in the future. 

Until next montli, stay curious. 


Fd Marczak, 
Executive Editor 
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M/ic IN THE Shell 

by Edward Marczak 


familiar with the niagnilying glass icon in the menu bar However, 
not ever>'one tnkes advantage of it. Figure 1 shows a Spotlight 
search in progres^s. 


No-Mouse 
GUI Control 

Or, more shell-like antics 
in the GUI 

_ / 


Welcome 


List month, i talked about several iitiJiiies tliat alJow you to 
manage GUI windows quickly and precisely without having to use 
tile mouse (mostly}. Petiple coniforta!>le in a sliell environiiieni 
kmm how much speed increase is possible in your workflow 
when you can avoid Cf)nstantly reaching for the mouse. Well, theie 
are sevenil other t(x>ls for getting things dt>ne w hiie staring at the 
GUI witboui having to reach for the mouse, Namely, launchei's that 
have evolved past solely launching applications Ifeid on to find 
out w'ays—lioth built-in and [^aid .solutions—that can help you 
sjxied up your w^orktlovv even fuitlier fund save the harreiy on 
your mouse!). 

Introduction 

Tile premise here is the same as last month: f>y relying less 
on tlie mouse, you can s|Deed up your wurkllow' considerLibiy. Just 
keep your hands on rlic^ keylx^ard for every thing. This is all very^ 
possilde, however, there are several .soluiions for doing so. Also 
the same as last month: the solution you chtx>se really depends on 
yiiLir .style. 

In addition to the utilities mentioned iiere, be sure to u.se 
other features of the OS to keep your hands on the key^l-Kiard, such 
as conimand-tab to switch applications and commanLi— to rotate 
thiough window's in tlie cuiTcnt application. 

Spotlight 


O @1’ 

Oct 4 13:23 Cl 

spotlight 

[ maetech 


Show All 

Top m 

MacTech viewer.app 

Applications 

'4^ MacTech VIewer.app 
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rollers 

^ MacTech 

WacTeth Deliverables 

Messages 

Message left on server: "UC ... 
EA, Unity Announce Deep Pa 

Contacts 

_ Kenneth 

□avid 

MacTech Editorial 

Event j & Tg Dos 

MacTech 25.01 EdUorial Close 

^ MacTech Dinner 

f MacTech/Mac Qlriefing 

ImiSiges 

PI MT5~MacTechr€.JPC 
maciech.tiff 

PDf Documents 

2609 LO-ftEZ PROOF.pdf 
£nterprise_Mac_Managed_Pr 

Webpages 

- Is Your Email Really Safe? | a 
Workllow summary J author... 

Preteiitatkon& 

Dev Tools For Sys Admins.key 


Spotlight Preferences... 


Figure 1 - Spotlight search in action. 


Ihe search term is "miictech," and the list starts to populate 
immediately. You can see tliai the results list is categorized by type. 
The results show and their ordering can he configured in tlie 
Spotlight Prelerence Pane. 


Drag categorks lo change the order in whkh results appear. 
Only sefected categories will appear In Spotlight search results. 

1 ^ Applications 

2 ^ M System Preferences 

3 Documents 

4 0 _ Folders 

5 ^ Mail Messages 

Figure 2 - Spotlight configuration. 


Built-in to tlic operating system, Spotlight has fiecome a 
realistic choice for launching applicatioas and more. Much 
improved in .Mac OS X vl().6, Spt>tlight Lis been available sincx? 
Mac OS X V Tiger,'' By now , pretty much all Mac u.sers are 


Clicking on an item in lire results list simply opens tile 
resulting document. If tile result is an application, it is laundied. 
Documents are pas.sed to their cxinfigured application. Even 
though Xonlacls" aren’t true documents, Spotlight importers wcirk 
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The Casper Suibe and iOS 4: 

Mobile Device Managemend Pop dhe Apple pladPonm 

Manage your Macs, iPads and iPhones from a single console. 

The Casper Suite is a comprehensive lifecycle management solution for the Mac and Apple mobile devices. 
Incorporating the full range of Apple mobile device management capabilities since iPhone OS 3, the Casper 
Suite features deep integration with core Apple technologies and unifies third party products. 

http;//jamfsoftware.com/solutions/mobile*device*management 



HELPING THE ENTERPRISE SUCCEED 
WITH THE APPLE PU\TEORM 



to understand certain data and open it in the appmpriate 
application. 

Spotlight, however, lias its sliare of problems. First, its 
relatively slow in bringing back results. Secondly, its inconsistent; 
perform the same search and at times, youll get different results. 
Finally, it's incomplete: Spotlight neitlier reports on all file-type.s 
due to a lack of an importer, nor does it bring back results from 
all areas of the filesystem (notably anything in /System or /Library). 

Spotlight does have ilie benefit of being built-in: walk up to 
imy contemporary OS X machine and press command^space—^the 
default hot key—and type in your search term It also offers some 
other simple tricks, such as showing results for calculations 
through the calculator category. 

Launchbar 

After Spotliglit, all other methods for launciung applications 
and opening docuinenLs are tliird-party additions. Certainly the 
mother of this caiegor)' is Launchbar, from OInjective 
Development. Launchbar is interesting if not for its history alone: 
its been around in one for or another since the NeXT days. The 
otlier interesting thing Is that Launchbir does so much, hut the 
name—the Immch in instantly gives one grounding 

on what to do with it. 

Its current release is Launchbar 5. Once it’s downloaded and 
installed, you run it and it siLs, out of tlie way \vaiting to be 
invoked. You can call it into action by pressing tlie defined hot key 
(it looks like the default Is command-space to take the place of 
Spotlight, but 1 di&thle my Spotlight hc^t key an)Tvay, so this may 
just be Launchbar lx‘ing smart), 


iow Help 


0r 0 


app€ngine/oaiJtli_example at master from Jos... ^ 


^ flpp«rfgifti/omiJth_ftinnipl« at liiuur from loilftftiKccider'i twa«.. 


‘ m iTerrr 

^ ttermZ: - Project Kosling on Cwgic CcKle 1^ 

I PagcNdme - iterm2 - JTernn2 Hflki. - Project Hosting on Coogle. , ► 


Doiunloeds - itcroiZ - Project Hosting on Coogk CcKte 
Wiki Pages - ilefm2 - Project Hosting on Coogie Code 
^ Binary name ' iterm2-discuss I Coogie Groups 

AppleScript - iterm2 - Project Hosting on Google Code 


Figure 3 - Launchbar in action. 

Launchbar w^ill .slide out of the menuliar and wait for your 
query. Speaking of liiunchbar Ixfing smart, unlike Spotlight, it will 
return lesulLs from across your entire disk and internet-based 
searches as well. It chooses appropriate dekiult actions for given 
file types, and allows you to drill down into certain file types such 
as folders and bundles (like iPhoto result). 

7 

Launchbar is available for downltiad and purchase from the 
Objective Development website: 

http://www.obdev.at/ products/lounchbor/index.htnil. 


Quicksilver 

If Launchbar is the mother of this category, Quicksilver is the 
rebel child tliat got all the attention. Yes, like Launchbar, it’s a 
launcher and so much more. In fact, it was one of those 
applications that did so much, it was a little hard to explain to tlie 
uninitiated. One way Quicksilver set itself apart was its visual fiair; 
it was clear tiiat there was a lot of cool going on with tliis 
application. 

Developed by Nicholas ‘‘alcor” Jitkoff, Quicksilver is 
essentially a command-line interface to tlie GUI. Set a hot key—I 
disable Spotlight and set Qtiicksilver to command-space—and 
you’re ready to use Quicksilver. Press the hotke}' at any time and 
up pops the interface (FigUR* 4). 



Qivyy Open 


tiQoiBs/ApfiUc^iQm miwvapp 



Dlwy.^p 

/"Volumes I bDjn*Si''Appl|«taon3 /Otvvy,Jix>p 


Mew York Citv/*Vew Jersey TIRST: Discov... 
htt p. f I WWW. rryt/ijti rst.org /f n:.htmf 

Mechanically Separated Meat i* Biog Arc , 
http: J ■ msrrs-grampv bym pe'^s xem/?p-20 




Figure 4 - Quicksilver interface with search. 


In the case sliown in Figure 4, 1 tyjied 'divvy’ my search, 
showm in the pane on die left, Ihe pane on tlie right shows the 
dekiult action, “Open." lypically, die default acdon Ls exactly what 
you want. However, you can alst) firess die tab key, and tJien 
choo.se an action to oveiride die default. Let's say you want to e- 
mail a Liocument lo someone. Bring up Quicksilver, die name 
of die document, pre.ss uih, and then use the down-arrow^ to 
choose die “e-mail dexument" aedtjn. Boom, done. Isn’t that much 
lietter than digging through the Finder or an open file dialog to 
find a document and mail id 

Quicksilver c'an lie extended through plug-ins. .See Figure 5 
for the initial interface tliat assists you with base plug-ins. 
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HOW CAN YOU MANAGE 
WHAT YOU CAN'T FIND? 


Rediscover your computer fleet 
with Absolute Software. 


• Increase auditing accuracy 

• Lower compliance risks 

• Minimize security risks 

• Reduce total cost of ownership 


Find and manage your Mac and PC computers with Absolute® 
Software. From the largest corporations to your home office, our 
Computrace®, Absolute Manage and Lojack® for Laptops solutions 
help you improve data protection, simplify computer lifecycle 
management and recover stolen computers. 

For a FREE demo of Absolute Manage visit: 

www.absolute.com/rediscover 


AbsolutefS oft ware 


The absolute best way to track, manage & protect your digital world. 
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management and more. ThifY us why it's so dilTicult to 
describej and really just invites you to it lo find out what 
it's all about. Start out by using it as a launcher, and then 
gradually add in new Functionality. 

Quicksilver is functional and heautifuL You have to love 
software that has a preference named "Superfluous visual 
effects.'' Try it, you1l like it. Quicksilver can be found and 
downloaded at hrtp://blacktree.com/. Since its introduction, 
Quicksilver has become Open Source—the source can be 
found on Githiih (http://github.com/tiennou/blacktree- 
alchemy). 

Google Quick Search Box 

Although Google's Quick Search Box (QSB) is a fairly 
recent entry, 111 list it right behind Quicksilver due to its 
history: Nichols Jiikoff ultimately went to work for Google 
to help create QSB. Due to this lineage, there are a number 
of similarities between the products. 


Figure 5 » Quicksilver installing plug-ins* 


Plug-in functionality ranges from new looks for the 
Quicksilver interface, to ftp tinterfaces to Cyberdiick and 
Transmit are available), interaction with iTLines, clipboard 
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you think it. you create it. 


REAL Studio is the powerful, easy-to-use tool for creating 
your own software. At REAL Software, we call it a problem 
solver. You've probably said,"Wouldn't it be great if 
there was an application that..." REAL Studio fills that 

www.realsoftware.com blank. 


Download your free 30-day 
trial edition today! Or buy now - 
REAL Studio comes with a 90-day 
money back guarantee. 


REAL Studio compiles native applications for Mac 05 X, 
Windows and Linux from one set of source code. Each 
version of your software looks and works just as it should 
in each environment. You can even create a Universal 
Binary with one mouse-click. 


REAL Studio 


lAL Studio is a trademark of REAL Software, Inc. 
?010 REAL Software, Inc. 
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Ml Spotlight Samples ^ 

Dehnition of spotlight ^ 
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hqmci C^wnloi^ds SpotJjght Sampler 

Figure 6 - Quick Search Box search. 

Like Quicksilver, QSB also has a plug-in architecture, 
however, with not nearly the breadth of functions. This 
makes QSB a little more accessible. While it’s a capable 
launcher, it really functions well as a local search. Coming 
from Google, you almost expect the search aspecL 

The killer feature of QSB comes if you're a heavy user 
of Google products; it has the capability of searching the 
cloud products, too, like your Google Docs, Gmail or Picasa 
albums. Of course, this require.s authentication and involves 
setting up your account si in the program's preferences. 

To perform a search, invoke QSB via its hot key 
(command-command by default) and type in your query. 
The default action is to open the result, but pressing the tab 
key will allow you to override the default action. 


QSB can also include Spotlight results, which allow it to 
perform the same tricks as Spotlight (calculations, for 
instance). 

Also, like Quicksilver, QSB is Open Source, It can be 
downloaded from http://code.googie.conn/p/qsb mac/, which 
also has a link to the source code. 

Alfred 

Alfred is one of the newer launcher/productivity apps 
in this catego^>^ It also is the only one that follows a two- 
tier model: Alfred itself is free, but there's a “Powerpack” for 
sale that extends Alfred's capabilities. 

The free base download is pretty much a search-and- 
launch (open) utility. Frankly, ihafs often all that is needed. 
The Pow'erpack adds the abilities that are already built into 
some of the other utilities: copy/move/email a document, 
and so on. 
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Figure 7 - Alfred in action. 


0 Real Zoom 

Right click on the green Zoom tjutton to 
ma)?lm!ze iivindow to the whole screen 


^ Real Close 

Right click on the red Close button to quit 
given apphcation 


Figure 9 - NuKit can overritle certain OS X window behavior, 


If youVe read ihh far, you know the drill: define your hot 
key, press the hot key, type your search and look at the results. 
One of the simple, yet awesoEiie touches in Alfred Ls ilie laci 
that you can jump to any search result via a shortcut listed at 
result-time (return for lirst item, command-2 for second item, 
and so on), This interface element carries on to all lists, 
including the actions presented by the power pack, 

The other thing that i’ve noticed while using Alfred; it’s 
JcisL Like, supersonic fast. Quicksilver is a close second for 
responsiveness, but in my day-to-day w^ork, Alfred takes the 
trophy for speed. 

Check our Alfred at http://alfredapp.com. 

NuKit 

After all of these other entries, then there was NuKit. NuKit 
is the newest entr^^ into this categor}^ NuKit is a very MacitUosb 
application, in that it goes beyond the launcher and can alter 
the behavior of specific Macintosh settings, l,ust time: hoi key, 
search and select. 



Figure 8 - NuKit searching 


Its very cool that NuKit can override these beliaviors, 
f:tarticularly the “Real Zoonf option. I know many people that 
get frustrated w^hen clicking the green zoom widget only to 
have the w indciw' maximize to full height, but not resize to full¬ 
screen. NuKit also has {jplions for moving and re-sizing 
windows withoul using the tradilitjnal locations (re,size-grabber 
and titlebar, respectively), 

NuKit is downloadable from hftp://nulana.£om/nukit. 

Conclusion 

Simply, the conclusion here is that there are many ways to 
inerease your productivity by keeping your hands on tlie 
keyboard. Ensure that you're using the built in functions first, 
and then layer tan some new functionality, The real trick is 
finding which utility fits your style: sw^eet and simple (a 
launcher like Alfred) or the kitchen sink and then some 
(Launchbar, (Juickstlver). The great thing is that each utility 
mentioned is eillier free or has a demo mode allowing you to 
try each utility here. 

Media of the month: Fn^akouoiuics: A Rogue Economist 
Explores the Ilkhkm Side of tjeryibing by Steven D, Levitt and 
Stephen J. Duinner. I know I'm a bit hue in getting around to 
reading it, but I finally have and highly recommend it. 

You’re hopefully reading this, sitting at MacTech 
Conference 2010! l^lease be sure to say hello. If youVe not 
attending, slay tuneci for some folknv-up reviews, Until next 
month, keep IcKjking for ways to increase yc3ur productivity and 
ways to bring I he shell into the GUI. 


NuKit does not have a w^ay to configure the locations in 
which it searches. For me, this means missing nearly every 
application I use regularly. Howler, for the low^^st common 
denominator, NuKit’s search locations are fine. 

As mentioned, NuKit can alter some Mac-specific 
functionality. This includes the triviak like Dcjck appearance, to 
the functional. Check out Figure 9 for two examples of 
functional preferences. 
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Consultant Cowboy 


by Ryan Wilcox 

Your Own Software 
Consultancy 
Business: More 
Starting Thoughts 

Things to think about, about 
yourseif, before going out 
on your own. 

\_ J 

Introduction 

Farly feedl^ack ro the first article in my Cowi'xjy Ccjnsuitiint 
series pointed out some issues in tliat article, Tliis major flaw is; 
wliile the life of a rock star, software consultant cowi>oy .sounds 
awes<DtTie, it's important to note that not everyone has the 
temperament, flexii:»ilit>; or long term goals compatible witii, being 
a a>nsLiltant (or even being self employed in general), 

Kverytliing’s not all roses, Critena For Success lists, Fame and 
[xiwer and money coming in like a river Being on youj- own 
requini^s a certain mentality attitude, some lisk/reward gratification 
defeniient, and perstrnal prepamtion. You'll also have to deal with 
tlte preexisting financial system where, beamse you don't 
physictilly make anytliing, it could be liLird for you to get linandng 
like otlier people. (Tills Is, !>y tlie way, excellent news in my very 
liscally-ct>nservative opinion). 

Before you start ^mylhing, you probalily should thinly hard 
aliout yourself and see il you can liandle being a c'onsiiltant, and 
self-employed. There's more tli^m ytjur individual tempemment 
here ItKi; what alitiuL the people around you? Your long- 
term/steiidy boyfriend or girlfriend, sptmse: what do they tliink 
about this decision? 

Maybe you're not at a place financially where you can ck> tliis. 
You're thinking; “There's the house, car, Su7iex college fund, and 
the secx>nd mortgage to wony^ about! What if! have a hid monili?" 
Tlien maybe consulting full time isn't for you. 

Then again, mayl^e consulting, but on a part time basis, is 
actually srxnetliing to consider. The situation above, with worries 
about the house, car, and Suzie, mayl:)e it would a good idea to 


sacrifice nights and weekends for anoilier income stream and 
additional stability. 

This article wdill go over some, but not all, of the things you 
have to think about mentally, tlicmglirn about risks / rewards, your 
own personal preparation, and thoughts about financing, assets, 
loans and otlier money thoughts. 

Mentality 

It takes a c^nain type of individual to handle running his or 
her own business. Maylie it's just not right for you, or not right for 
wTiere you are in life. There are seven areas where you should stop, 
iliink alxjul your (:>ersonality, and assess if taking the plunge is right 
lor you. 

Ability to Handle Uncertainty 

A (lowboy Consultant's life i,s lull of uncertainty. “When's die 
next big client going to come along?" “Hmm, 1 invoiced Client X 3 
wrecks ago with a NET 30 Invoice, so when exactly is die check 
coming in?” “Do I have enough money to pay my taxes on time, or 
are they going to lie late again this cjuarter?” Or, “IIow^ do I liancUe 
this or that client?" 

Fven worse: “1 think this project is tor) big for me to liandle 
right now, how do I get some additional help?” 

Being an employee, in diLs respect, is awesome; sit down at 
your culie, get your assigned work, and let someone else deal with 
the money, project man;igement, and allocated lesouaes. 

The gocxl part aliout being .self-employed is tliat you are in 
contr{)l of die.se decisions. Tlie bad part about lieing self-employed? 
You are in control of these decisions. Maylie die glass is half full for 
you in this respect (“Awesomcl 1 get tc) lie captain of my own 
destiny”), and maylx* it's lialf empty CTIgh, f reidly prefer knowing 
things for certain, and n{)l having my larger plan disrupted' ). 

Ability to Handle Clients 

If you’d rather your work be given to you, so you can keep 
your head down and fexus on programming, starting a consulEint 
business might not be the place for you, 

If tianslating user recjuiremeoLs from client-spe^ik isn’t your 
cup of tea, you really don’t want to have to focus on the lull stack 
of application development (or really just like someone else being 
on projects widi you!), or if you'd really like to just have one Ixjss 
(instead of many clients-wdioaremow-your-lioss). .. maybe rediink 
this a hit. 

Bec’ause wMe “being your own lios^s” is one of the hyped up 
Ixuefits of owning your own business, this actually means you 
luive many liosses; your clients. 

Loss of Time For Personal Development 

Your time for experimentation with your favorite tool will slow 
down tcx>. There’s lieen many, many, a night when I’ve been 
writing email to clients, and I've seen people on my Twitter stream 
say, “Oh cxx)l! Ijook at this Rails diing I built tonight!” Meanwhile, 
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here I am writing emaiJ and taking care of business de\’^elopment, 
instead of playing with code^ 

Tenacity / Perseverance 

As a business owner, there are going to be obstacles. Refuse 
to let them stop you: Acknowledge the obstacles are there, decide 
they wcmt stop you, and then you can take them on in confidence. 

A quote from Think And Grow Rich (by Napoleon Hill, with 
initial motivation of Andrew Carnegie) applies here: ''No follower of 
[Think md GrowRkb] can expect riches without temporary defeat. 
Wlien defeat comes, accept it as a sign that your plans aren’t sound, 
rebuild ihern, and set sail once more" 

Hard Work 

You certainly can't be adverse to liard work: 50, 60, 80 hour 
weeks will lie throwm you way. Maybe a client vi^itli an imptxssible 
deadline, or 5 clients that all had a bad week and you need to help 
them all 

You know you might lose, you but really, 
really don^t want to 

Daniel Jalkut, of Red Swetiter Software, had an entry on his 
weblog late last year: ""Only A Game”: http://www, red- 
sweater, com/blog/1049/only-a-ga me, part of which I’ll reproduce 
here: 


believe that the best game players are tliose who 
acknowledge they might lose, but who really, really, really, really, 
really, really don't w^ant to. 

By acknowledging a risk of failure, you implicitly 
acknowledge: 

• You are willing to aceept the consequences of losing. 

* Tlie choices you make in playing the game ^iffea the 

outcome.” 

Hie entry' goes on to say tliat you must acknowiedge that you 
might actually lase your business. Know'ing tliat you may lose it, 
:md being OK with that, but knowing you really, really, don’t limit 
to lose it: tliat is important. Who wants to go back to he boring 
CLil^e at MegaCorp, 8:00 to 4:30 w'ith a 30 minute lunch break, and 
mandatory, unpaid, overtime on Siiturdiiys? 

So, given that you know you could fail means you have to 
choose your business moves wisely. Much of die advice in this 
series might seem overly cautious to some, but my goal is to give 
as much intbrmation as possilile, tlien you can make a wise and 
informed business choice for yourself 

Wlien J told one of the reviewers, of the previous article in this 
series, that I was going to point to this blog entry, he said: 

''I w^ould add that the liest of the liest ate the ones who can 
deal with the inevitable loss or two and keep a positive attitude. 
.\lsQ, the liest of the l>est of the liest are the ones w^ho know diat 
even if they do everything right, they still miglit lose, and diey have 
a plan to land on their feet should diat liappen." (- Matthew 
Strange) 
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Hack Life 

By hacking life I don't mean: "Read iifehacker.coiii and learn 
5 better ways to brush your teetli”, 1 mean big things. As an 
entrepreneur you're aheady making money in a much diffcrent way 
than most people do: no employer is paying you a salary, 
withliolding taxes, putting money in your 401CK). 

Starting your owm software consulraney business meaas you 
can, and should^ find places w'here traditionitl ways of life make 
you struggle, like trying tc? walk up a down escalator Can you find 
tliese places, find the up escalator, and arrive at ycmr destination far 
easier? 

Tim Ferris's book The Four Hour Week is an awesome 
lesource for ways you can eschew traditional patlis set up for you. 

As an example: a f{inner coworker of mine was working in the 
US while his family was home in India. His plan was to w^ork for 9 
montlis on our project, tlien return home, finish his university 
.Studies, tlaen take a year or tw^o oft He could do this liy taking 
advantage of the lower cost of living in India, and the fact that, as 
a software engineer, lie was making good money even by US 
standards. That kind of money w^ould support him and his family 
for several years back in India. That idea (w^ork for 9 montli.s then 
take a year off) sounds like a good idea to me! 

Another life hack is simply saying "No'' more often. Turning 
down new project work, for example, is hard, even T you already 
have a 50 hour work w^eek of billable work. Asking T you can 
postpone tliis new project for a later chte is a great w ay to both start 
a fxitential relationship, while preserving your personal siinity', 


Another life liack Ls to reevaluate current commitmenus as new 
ones appear. Suddenly you're making a w^ebsite for your bowling 
club? Great! Where does tliat fit in your personal to-do list, and what 
does this new project bump {)ff your immediate task radar? 

Last, and final hack: ever want to move to Europe For a month? 
Prohibitive cost you say? Not if you avoid hcitels, (House swapping, 
couch surfing, or my perse ml favorite, http://www.airbnb.com—say 
it witli me: Air Bed And Breakfast—^are all great ways to do tliis). 

In my own personal example of “tiding the up escalator, 
instead of iighting to go up on the dowm esc^alator”, I use 
aiibnb.com on my frequent trips to Washington DC, paying 40-80% 
of w hat a hotel room would cost me, and sometimes getting far 
better accommodations than a uomial Mei>k, chair, TV and bed” 
hotel room] 

Risk/Reward, and Deferred 
Gratification 

[n tfie previous article of this series, I stiid I made a “Criteria 
for Success" list. Uiis list defines goals that I want tor mysefe and 
these give me goals to shoot for. and lets me define what success 
means for me. 

1 thinic lietier tlian just making tliis list, Ls to make the list, tlien 
sort it in prioriri^ oitler. Hem are mine, sorted: 

I ) Atiility to coasistently w rite paychecks for myself 

2) Ability to cratch up (on taxes, .savings, checking etc) when 
IxilI times have passed. 

3) Sliould not have to \’atch u]^” on previous quarter's taxes. 
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4) Bringing home $XX / hour after taxes, savings, and 
counting my non-biliable time spent working on the business, 
billing, and writing. 

5) Focus on: good people, good relarionships, and good 
work 

6) 6 months average income in the bank 

7) Ability to travel, one month out of tlie year, abroad 

Being able to pay myself was essential, but much furtlier 

down the list in priority is other things 1 want, but that may take 
a while to achieve, and I’m fine with that. 

Sometimes you have to sacrifice tilings you really want for 
the sake of the business. For exatnple, 1 was planning on going 
to (what would be the last) ADHOC/MacHack conference. 
(Wrote a paper for it tool) However, I had to sacrifice tliat 
because 1 realized I was out of money and had to scale the 
business back by letting go of my employee and part time/intem 
worker. (Yes, that marked die first time the business nearly 
failed). I realized it was more important for tlie business to stay 
put, tidy up the loose ends, and stop spending money that I 
didn’t have. 

Running a business isn’t all peaches and cream. 

You might have to live in a smaller, more run down house 
or apartment than you might like, or hirther from the big dty 
than you might like, for a few years while working up to your 
goals. 

You have to be OK with working hard, potentially for many 
years, to achieve ail of your goals, even at the cost of some 
hardship? Are you willing to potentially take no (meaninglul) 
vacation for 10-20 years if diat’s wliai it takes to enable you to 
take a month per year when you reach 50? 

If you (or your spouse or significant other) aren’t ok with 
this, you should recon.sider any thouglit about starting a softwaie 
consultancy business. 

Starting a software consultancy liusiness shouldn’t just be 
about managing financial risks. The goal of any entrepreneur 
should Ixf to making the most money possible with the lowest 
amouni of risk. 

1 recently watched The Red Baron movie (2008), and a line 
from that resonated with me, a line that went .something like this: 
"I only get into a fight I know I can win. If I don’t think I can 
win, I break off and run away” 

The Consultant Cowboy life has plenty of risks and 
uncertainty. “My current 40 hour a week contract is ending next 
week, what will I do?” “Website jobs seems to be drying up.,. Ls 
it just me, Ls it a pattern. or is it just a natural ebb-and-flow and 
I ll see 5 clients next monih?” Again, if you, or those you loved 
ones aren’t OK with this, you need to reconsider. 

Even if yoifre an engineer with 15+ years of experience, 
well known in your respective community', you should expect die 
first yeiir (or mo or four) to lie hard. 

As for me, ^opened up my business right out of college. I 
lived in an area tJiat, at die time (2003) you needed about 
$15,000/ycar to cover very basic living expenses. I know this only 
because one year die business brought in $12,000, and there 
were mondis I used the credit card pretty heavily for some 
essentials (fcxid, gas, and bills). 


On the other hand, don't rule things you 
want out yet... 

For all the talk about risk, deferred gratification, and working 
very hard to meet your objectives, it’s also imporumt to note that 
saving up your money for a big payoff at the end has only one 
problem: what if diat payoff never comes? 

The four Hour Woiis; Week talks about this a bit, although 
potentially to an extreme. However, the message 1 got out of it was; 
sometimes die good life can be yours, for less money than one 
would expect. 

If one of your Criteria For Success items is the ability to work 
for 3 mondis out of a foreign country, the book Gettifig Out lias an 
excellent breakdown of cost of living, inffastructure, languages, etc. 
Tlie inJVastruciure secdon for each country also includes 
inlbmiation on Intemei connectivity. 

If foreign travel isn’t your cup of tea, certain places in the US 
can lie cheap, especially during the off-season. 

This trick of working somewhere else for 3 months works very 
well if the place you are visiting has a lower cost of living compared 
to where you normally live: billing out your big city clients, but 
living somew'here where the cost of living is a fraction of what it 
would lie in the big dty. ( The Four Hour Wo?k Week has some tips 
here: like subleasing your home, or packing up your apartment and 
moving your things into a storage locker for a year, so that your 
home expenses are not a drain on your finiinces.) 

Even if you're still working 10 liour days in Rio De Janeiro, you 
still have weekends and some lime during die evenings io explore, 
go to unique places, and take aidvimtage of the experience. 

This d(x 2 sn’t w^ork for everyone, and it does make face to face 
meetings pretty^ hard But this is ju.sl an example for illustration: if 
the goal Ls to drive a fast, shiny spoits car, perhaps you c’an make 
it work by leasing (instead of buying) the c'ar? 

Some things will be, regrettably, much harder for self- 
employed individuals than it i.s for the geneml populous fltuying a 
house, for example.,.) 

Personal Preparation 

Up until now in this article, I’ve talked alx)ut your mentality, 
tilings you might not be able to change about yourself (or if you 
do take them on as personal growth challenges developing them 
might take years). Tliis section, on personal preparation, is about 
understanding yourself, your current worktlow, ^ind what typo of 
person you are so you can direct your business properly. 

Wilde your mentality may move at a glacial pace, dmnging tlie 
following items Ls more easily acconi[>iLslied. 

Carve out a space/time to work in (and be 
disciplined about this) 

The life of a freelancer might feel awesome at first: "‘Nobt-xly’s 
my bass! 1 can take today off if I want, sleep until noon then go to 
the beach!" While this is awesome, Id also encourage you to treat 
your business like a business. 
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Keep set office hours for yourself, You these don’t have to be 
9-to-5, bui they sliould intersect (at least a littlel) with the working 
hours of your clients. If your working hours want to l^e from noon 
until eight, go right ahead! 

Keep a sepanire space to work in. Preferably, a s|:Jace you can 
close the diKyr on and wall< out of after a 12-hour coding session. 
1 would not recommend working solely in your bedroom, or your 
living room. For one reason, it's really depressing to spend 22 hours 
of the clay in the same little rtK>m. (I know: Fve done it before!) 

Another advantage of keeping a .separate spac^ is that Lliere 
are tax advantages to irsing a pail of yoLtr residence as an olftce: 
[RS Publication 587 says to c|LiaJify for such a deduction you must: 
"luse part of your honiej Exclusively and regularly as your principal 
place of busine.s,sri Publicarion 587 sj:>ells out exactly w^haf.s meant 
by 'exclusive use': 

“To qualify under rhe exclusive use test, you musi use a 
Sjx^cific area of your home only for your trade or business. The area 
used for business can Ix^ a n^om or other separately identifiable 
space. Tlie space does not need to he marked off by a f^nnanent 
partition. 

You do not meet the requiiements of tlie exclusive use test if 
yoLt use tlie area in question botli lor business and for [personal 
purposes. 

[An e)xiimple: You are an attorney and use a den in your home 
to write legal hriets and prepare clients' tax returns. Your family also 
uses Uie den tor reaeation. The den is not used exclusively in your 
pn)fession, so you cannot claim a deduction for the business use of 
the den.” 

If you miLSt LLse your living room as your otBce (studio 
apiutment, you live in NYC and a two liedroom is out of the 
fiirancial question), find some way to segregate your oftlce-space: a 
changing screen, or do a search of hltp://www.lifehacker.conn for 
“tiny home office”: tliere are tons of entries about home offices, 
Willi pictures, tliai you might get inspiration from. 

There’s a great quote from llye four Hour Work Week again 
tliat applies here: “Set a single space aside for work, and solely 
work, or you will never lx able to escape it." 

If you need a tradition every day, to start tlie ball rolling, tlien 
start a tradition; If making a 7:(X) AM Starbucks run every' day ls 
what marks the stirt of your work day, more power to you. Maytie 
ifs a 3 mile nm at 9a30 AM, after your spouse leaves for work (great 
if your mind works best in the afterntxin / early evening hnurs!). 

Carving out a work day, initially, will acuially lx harder than 
you tliink; you will get calls like, "You’re self employed, so that 
means you're free, can you run Aunt Milly to bingo, pick up the diy^ 
cleaning, go grocery shopping, tlien take Aunt Milly back to her 
home, an hour away from where .she plays bingoi^'' Ifs often very 
hard to make pecjple realize that you have a job too, witli schedules 
just like everyone else. 

Personal Responsibilities^ Clients and Goals 

One of the awesome things about Ixing a freelance software 
consultant is that you don't have a lx)S5, ,. but now you have clients. 
Perhaps multiple clients at one time, each with their own agenckis, 
schedules, and deniiinds. CUeiit tliat don’t know, or don’t care, that 


you have a big dcatlline Ihi your otlier client, and can't take care of 
them right noiii 

This takes personal responsibility on your part: part 
scheduling, and part communic^ation. 

Tlie scheduling part may lx eisy or may be totally out of your 
liand.s. If the schedule of a citenfs pnsject is m(xstly under your 
control, then schedule around other (less mrivable deadlines). 
Youll probably still have sitiiatiotis where you have 2 big deadlines 
in die s;ime week, hut the more you can avoid this the better. 

Ccjiiiniunication is im^xrtanl too, and one of the places where 
I personally need .some help. I teel tliat 1 often lag Ixhind 
resjxmding to clients over etmll, IxcaiLX Em busy %vith other 
projects. I've liad to discipline myself to send I’m busy right now, 
but here’s an incomplete answer for you", “here’s part of your 
retfuest, Ell get to tlie rest later ’ emails whenever possible. 

These last two items (carving otit a space, and 
scheduling/communication issues^ can lx applied even if you're 
just freelancing in your spare time after your full lime job. You could 
schedule working hours; 8 PM to 12:00 every Tuesday, Wednesday 
and Thursday; for example. 

Understanding what kind of person 
you are 

LTnctetanding what kind of person you are is also important. 
Are you extroverted? Do you go crazy locked up iti your house for 
days at a time? Aie you okay with die only interaction you have 
with live people in front of you is to tell die liarisia what kind of 
colTee you want during your 7:00 AM Starbucks am? 

Running a .sr)ftware consultancy business and freelancing can 
sometimes mean you don’t .see anyone for days at a time. (Tlie 
Oatmeal has an excellent comic strip about this: 
http://theoatmeal.coTn/comics/worlcing_home). If you know at the surt 
that you need to see people, then l(X)k into alternatives to working 
outside your house. Co-working groups or spaces 
(hltp://coworking.pbworks.Gom/), a Inendly coftee .shop, or make an 
extni effort to get outside with clubs and social groups, Mayiie it’s 
a goexi time for you to take up bowling! 

Maylx that doesn't work either, and one alternative is to look 
for long temi clients tliat prefer you to be onsite most (or all) of the 
time. In future articles we 11 talk more atxut how^ your persrjnaJity; 
style of work, and amount of other responsibilities affect wliai Idnd 
of gigs you should take. 

It takes ceitain other character traits to lx able to puE olf 
Ixing a consultant. For example: 

* Introverted: can liandle potentially working alone evety day 

* Capable of selfxlirection. If you’d rather someone give you 
direction, and just keep your head down and not worr\' about 
it, then maylie freeiancing isn’t for you 

* Can liandle a liir of financial uncertainty: a veiy bad place is 
Ixiween clients. Some of the worries can be mitigated witii 
your business savings account (and seed money, 11 it comes to 
tliat), but there will always be worries. 

This character trait applies nut just to you, but your 
spouse/signiffcant other. If they can’t handle this pieex; of the 
puzzle, then that means you can't handle it either. 
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Financing: assets, loans and loan 
avoidance 

The awesome thing alx>Lit starting cxmsiiltanty businesses is 
thitt you don't need any big upfront investment. Apple's developer 
prognini is SHOO/year, or (T youVe a web programiner) there iiie 
tons of open source languages and Iramevvorks out tliere, available 
at no cost 

Tliat’s to your disadvantage too: your eveiy^day manufacture 
plant kis asseLs like a building, or manufacturing ecjuipnient that 
can be levemged when cash gets tight: Second mortgage for the 
buildings, or get a k)an tor a piece of machineiy using the machine 
itself as collateral. You’re happy (you have money, or that machinej, 
and the banks are happy (they have something they could seize if 
the loan deiaults). 

As programmers, we just liave our (increasingly cheap) 
laptops. In fact, if I was starting now', and doing web development, 
1 miglit consider buying a $300 netl>ook with Linux on it. But tliat’.s 
not a lot of value you cun leverage at the bank, or selk)h things get 
tiglit. 

This is why I recc3mmend buying an expensive desktop 
machine, A Mac Pro, as beefy' as you have cash for. Pay cash, not 
with financing: if things go sc^uth in six monrhs you want to rum 
that machine into chunk of money, wiiich is hard wlien you have 
to use most of that diunk to pay off the machine in die first place! 

'Hiis illustrates an im|X)rtant point: as software engineciing 
consLiltints, we need to go sliglidy out of olei way to cmate 


Your iPhone/iPad Idea 
to Fruition in 2 Steps 

O Bring your application idea to Zco 
0 Zco designs and develops your app 
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stumped by this puzzle? The answer is on our website 


leverage-able assets. The money pfiid for a beefy macliine will still 
get you laughed out of a bank (too small of a loan!), but eBay, or 
local Apple resellers are ail avenues to potentially turn that machine 
into cash. 

There's an advantage in not having any real assets in the 
business: you C'an't borrow your w'ay into tens of thousands of 
dollars of debt. Well, okay, you could moitgage your house or car 
for die business. (This is bad. If you’re thinking about doing this, 
you need to stop digging and start w^orking on how^ to get out of 
your current mess). 

My rule of diumb is up when there’s less than one mondi of 
savings in your back account, it's a sign you’re doing something 
wrong and you need to compensate. 1 know IVe had to make die 
following cliange several times: ’T will pay myself first, and niy 
creditors after tliat.” 

One otlier area that lias come in the irasl is, 'Invoices w^ere 
late dus mondi, so I had to borrow from savings, so I need to pay 
dial hack first of all,” 

TTie idea in all of this is to liootstrap your own business, and 
keep it afloat by frequent reevaluation of your money situation. This 
might amially sound like agile development, and you could diink 
of it that w^ay: new facts liave surfaced and we need to ckinge 
course to compensate, and overccaiie, dicsc lacis. 

'fhe liesi way to avoid thee situations allugeiher is by careful 
monitoring of your cash flow, and use some maybe not obvious 
billing strategies. Some of the strategies will lie ciistmased in a future 
article, 

1 started my consultancy business with only seed money 
(which I tallied about in tlie first article) as an asset. No house to 
lev^erage, no c::ir that 1 could (really) leverage, little savings in tlie 
[rank. I moved back witli my parents during tlie first six rncmths of 
die business, to let me gauge cash flow without worrying about 
paying rent. 

Conclusion 

Tills article has ftxused on mental, personal, and financial 
pieparation you should do, making sure (Opening your own 
software engineering consultancy shi^p is right for you. Mayte 
you’ve decided that going out, cm your own and starting a software 
engineering consultancy business isn’t Ibr you right now^, and tliat’s 
OK. 

Next week we’ll cover actually starting up the busine.ss: 
financial and legal tilings you sliould tliink alxiui, and general 
business prc^paration you should lx? [irepared for. 

Have fecxlback.^ I’d really enjoy hearing it, feel free to email me! 
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WHEN LIFE THROWS YOU 
A CURVE BALL. 

Clickfree's Transformer SE Backup Adapter converts any 
brand USB hard drive, iPod or iPhone into an Award-Winning, 
Clickfree Automatic Backup device. 
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unique, fun learning experience 


by Edward Marczak 




Introduction 

Being an East-Coasler, 1 snmetiiiies look west witli a little 
envy. There are an incredible number of leading-edge events 
that take place in California, and there are only so many tliat 1 
can personally attend. One show that Eve been tracking closely 
is the Maker Faire, After a Few years ainning in several places 
that were not NY (San Mateo, primarily), this year saw the first 
Maker Faire NY, This year's show took place at the New York 
Hall of Science in Queens, NY on Septemher 25^^^ and 26*^^, 
Read on to find out why you should be on the lookout for 
Maker Faire in your area (or why you should want to travel to 
one). 

Origins 

Maker Faire is a part of O Reilly Publication's MAKE 
Magazine, From the MAKE website, "it’s a community of Makers 
w'ho share their projects and skills. MAKE is whal-you-MAKE-it. 
It’s a growing DIY movement of people who look at things a 
little differently and who just might spark the next generation 
of scientists, engineers and makers. Our mission at Maker 
Media..,is to unite, inspire, inform, and entertain a growing 
community of highly imaginative and resourceful people who 
undertake amazing projects in their backyards, basements, and 
garages. We call these people Makers. ” Sounds like a tall order? 
Weil, turns out diat there are a lot of people anxious to display 
their work and share the how-to spirit. 

The Faire took over the voluminous outdoor parking lot of 
the Ne%v York Hall of Science (http://macte.ch/nyhos) ami 
spilled into the Hall itself. Admission included the outdoor 
grounds and entry into the entire Science Hall, The bulk of the 
Faire is outdcK^rs, in and otU of tents set up for the occasion. 

The Faire itself is an incredible blend of iron working- 
hackers (Figure T Jet Ponies), electronics-hackers (even pre¬ 
fabs from Arduino and Sparklah), crafts (yes, like crcjcheting^ 
sewhng and other art), robotics, carpentry' and more. I imagine 
this ct)mbinatJon is like Burning Man, hut not in the desert. The 
crafts tie-in acmally works much lietter than 1 had anticipated. 
What if you want to make an electronic device and give it to 


someone? Are you going to hand them a bunch of LEDs 
hanging off of a breadboard? Better: find a criifty way to make 
it presentable (or just o%^er-the-lop cool). 

NYC 2010 

Specifically, though, 1 want t(^ talk about wJiat was present 
this year at the 2010 NYC incarnation of Maker Faire, As has 
been typical of past events, plenty of home-brew, create in your 
garage/basement products w^ere on display. 



Figure Idet Ponies 


J ve heard reports from friends tlaat have been attending 
the Bay Area Maker Faire and it doesn’t seem that the NY 
incarnation was much different, or suffered as a .scaled-down 
step-child of the original 

One large tent dubbed the ''Maker's Shed" hosted a stage 
where Makers demonstrated their projects. This included Bre 
Pettis show'ing off the Maker's Box, a 3-D printer that lakes a 
file as input of die modefs description and then “prints" our a 
physical model by melting piasdc pellets and slacking them in 
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the right order. You can download plans from 
hftp://makerbof.com and build a Maker’s Box yourself, or, one 
can l:ie purchased in complete form, ready to use. Outside of 
this presentation, demonstrations ran close to on-the hour. 
Honestly, you could sit in this one spot nearly all day and just 
watch the presentations. 

The Maker’s Shed also had a large area dedicated to learn 
to Solder" As a long-time electronics buff and soldering person, 
1 have to say that soldering is incredildy easy and iiistandy gives 
you geek cred. llie learning area was great as it got my two 
children excited about learning to solder TheyVe seen me 
solder...Ixit that wasn’t interesting. See it at a fair? Interesting] 
So, they got to sit dowm and solder a wearable pin to wear that 
included a rainbow^ LED that showed off their newfound skills. 

Arduino (see sidebar) had a large presence inside the 
Maker’s Shed, showing common Arduino modules, tx)oks about 
Arduino and kits that get you up and tunning quickly. Several 
Makers stopped by to show off their handiw'ork. Sparkfun is 
similar in concept to Arduino, and also liad a presence at the 
Fa ire. Located not in the Maker's Si led, but in the Youth 
pavilion, Sparkfun set aside enough room to contain several 
workbenches for people to work on building with Sparkfun 
kits. 

Invasion of the Corporate Sponsors 

One thing did seem new at this particular Maker Faire: a 
host of corporate sponsorship. Frankly, I know how^ this works 
and at some point, it’s needed (or just useful) to pay the bills. 


Arduino 


Arduino is an Open Souree elecuonics platform. The 
reference hardware is available both as raw plans (free) and 
in pre-fab form for purchase. Interacting with Arduino 
modules requires some programming. The Arduino 
Programming language is also open source and freely 
available for download. See http://ordyino,cc or 
http;//orduino.org for more information. 


Orherw ise, for wlat it takes to put on a show like this, ticket 
prices wtjuld simply be beyond the reach of most people. That 
just doesn't make for an interesting show. 

Ford was one of tlie names you immediately notice upon 
entering. Tlie Ford Fiesta sulncompact was on display (which 
had a raffle to wan) with claims of 40 MPG (which, outside of 
the US market isn't really that impressive). In the shop tent, 
Autodesk showed how their CAD tool can control machines to 
generate the model that you created in softw^are. In the 
technology tent, Wolfram showed off...something.. .about 
niaili.. hut they were there! In the craft pavilkm, Martha Stewart 
Living Magazine had a large outdoor display, and there were 
other corporate sponsors. 

All of this was in contrast to booths of independents (ok, 
’’Makers") that diLln't always match up with a "corporate" image. 
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Compare Martlia Slewart to Mean Cards (http;//meancards.com), 
and you can see tlie slight discord. Of course, some of these 
pairings worked very nicely—think ^'blfram and Arduino. 

For what it^s wortli, this was a fine way to help luring this 
show' to a larger audience. The corporate presence w^asn't 
invasive or overwhelming and certainly didn't control the event. 

The Makers 

The Makers came from all over, but there w^as a heavy local 
bias. Many local Makers were thankful for this NYC event. 
Brooklyn—home to Makerlx)t Industries—was also heavily 
represented. Many faithful Makers from the Bay Area made the 
trip, too, to stay involved and show' their work to a new 
audience. 

One thing that the non-corporate Makers could handle 
easier than the coquorate-types could was io get you to sign a 
waiver to participate with their garage-built projects. Figure 2 
gives you a little more idea why. 



Figure 2-The things ycm'll do for Science! 


Let’s just say that not everything at Maker Faire is “high- 
tech" One of the repeat attractions—and one that travelled 
from California to keep the tradition alive—is the “Life Size 
Mouse Trap.” Remember the Rut>e Goldberg-esque board 
game? Well, this is a life-sized version. 

The Maker, Mark Perez, created the Mouse Trap over a 
period of 13 years. Instead of trapping a mouse under a cage, 
however, the ultimate act of this machine is to drop a two-ton 
safe...onto a car. 

Tliere w'ere basic science demonstrations, too. How much 
mass can you fir into a LISPS small flat rate box? Josh Levine 
showed off custom-made lead and tungsten ingots that are 
surprisingly heav>' for their size. Passer-byes got to compare 
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Figure 3 - Life Size Mouse Trap. 


similai- volumes of tungsten, lead and water to see how density 
affects w^eight. 

There were music makers, craft tiiakers, electronic makers 
and more. The entire list is too long to reproduce here, iint all 
of it w'as interesting. 



Figure 4 - Two-ton safe prepping to be dropped. 


Mac... Tech? 

Why are you seeing an article about an event like this in 
MacTecb Magazine? First, \t s all just part of the hacker culture. 
!t’s fun! Ai.so, its practical; create an idea in your mind and then 
create it in the real w^orld. There were a lot electronics that 
ctuild i:>e driven by/get data from a computer. 


Second, it was a year for Macs! I’ve been going to computer 
and hacker fairs since I was quite young (and don't ask me how^ 
long that's !)een) and this scene has always been dominated by 
PCs doing all of tlie work. From [)OS to Linux and Windows, 
Macs have traditionally feen prett}' few and liir l>etween. 
Interestingly, at tliis year's event, Macs reigned supreme. While 1 
don t have any official count, Macs were eveiywhere you IcK^ked 
and perlbrniing iJi just aix>ut every^ role. This is great news, 
aaually. Seeing thai more people are taking the Mac seriously as 
a hacking, devek)pment and control platform is really wonderful, 
(There were a lot of iPhones around, too, by the way). 

Conclusion 

Maker Faire NY 2010 ran for m'o days, Sept 23^^^ and 26^^', 

which you could easily let take up your w'hole weekend. It’s about 
the geekiest thing I've done in a wTiile (and liiat's not for lack of 
tiy'ing, eitlier). It was great to see my kids enjoy all of tlie displays 
and learn a bit in the process. Believe it or noi, I spent from lOam 
to alx>Lii 7pm on Sattaday at die show and siili didn’t get to recilly 
see eveiy'thing. Keep an eye on ht!p;//www,makerfafre.conn and if 
t>ne comes to your area, don't hesitate to attend! 

\\\\ 
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The Best-Selling Internet Communications, Security, and 
E-Business Components, Now Available On: 

Mac OS X and iPhone! 


COCOA FRAMEWORKS FOR INTERNET COMMUNICATIONS 



IP*Works! eliminates the complexity of Internet development providing easy-to-use, programmable components that facilitate 
tasks such as sending E-mail, transferring files* managing networks, browsing the web* consu ming Web Services, etc. 


Internet Communications 

■ IP*WorksI - [Core Framework) 

A comprehensiyie framework for Interrret developmenu The core 
building block for most/n software products. 

Components- iPMonftOf. MX, REST, WefCode. ffSS. NNTP, SMPP* POP 
flexec, Psfie/t, Systog SJWrP. WebDav, SOAP XMPP Tefner, Ping. TFTH 
FilerMailer. UDPPart. HTMLMarter. WebFomi. MefCtock. WebUptaad RCp 
WhOfs, FTP XMU), HTTP SHPP /MAP MiME, /P/nfcx IPDaemon, iPPart. 
NetDiai. LDAP, iCMPPort, MCesf, TraceRoute 

Network Management 

• IP^WorksI Secure SNMP 

A comprebersfve toolkit for building Secure SNMP-based agent and 
manager applications including advanced SNMPv3 security features, 
trap handling, and ASN-1 MfB compilation. 

Components - SWMPAgenr, SNMPMgr, S/WiMPTrapMgf, M/bRrowser 

File & Streaming Compression 

• IP*WorksI Zi|> 

Suite of easy-to-use. fast effective components for compression and 
decompression with advanced features Including self-extracting 
archives, industrial strength AES encryption, and Zip64 archives. 
Components - GZip. Tar, iar, Z(p, ZipSfream 


Secure Connectivity & E-mail Confidentiality 

■ IP*Works1SSL 

SSL-enabled versions of the components in the core IWorks! 
package. 

Components - WebFormS, LMFS* WebUplQ^dS, RESTS, NNTPS, 
iPOaemonS, POPS, FilGMailerS, SOAPS, HTMLMaUefS. Te/netS, HTTPS, 
FTPa /MAPS. SMTPS. /PPorta CerfMgr. ffSSS, SMPPS, WebDavS. XMPPS 

- I Reworks! 5/MIME 

Components for E mail and file confidentiality, authentication, and 
non-repudiation through encryption and digitai signatures. 
Implements the 5/MIME standard for digitai security. 

Components - CertMgr SNNTP, SPOP, S/MAP, SSMTg SMlME, SFiteMam 

■ IP*Wor1i5[ SSH 

Secure Shell {SSH) enabled client communications components 
supporting strong encryption and advanced cryptography. A 
hlghly^evolved code base, enhanced with enterprise features like IPv6 
addressing and 64-bit support. 

Components - SFTP. SSbe//, SExec, SSHCTiant, SSHTonnei, Cert Mgr 


COCOA FRAMEWORKS FOR INTERNET BUSINESS 



Built using the sanhe technologies as our award-winning I Reworks! product line, these packages offer native components for 
Credit Card Processing* Online Payments* E-Banking, Shipping & Tracking, and more! 


■ QurckBooks tntegrator 

■ E-PaymenMnlegrator 

■ E-Ban king Integrator 

■ T5YS Integrator 


• Paymentech Integrator 

■ FDMS Integrator 

■ FedEx Integrator 

■ US P Integrator 


■ USPS Integrator 

■ PayPal Integrator 

■ Amazon Integrator 

it Share Point Integrator 
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Thursby Software 

Leaders in Mac-Windows 
Integration 

Mac sales in the enterprise and college arenas are 
soaring, so products from Thursby Solutions 
(http://www.thursby.com) are becoming more relevant than 
ever as they facilitate Mac-windows connectivity and 
integration. 

According to an August 2010 
report by the Needham ik. 

Company rCuSearch firm, Apple’s 
government Mac sales have 
surged 200% and enterprise sales 
were up 50% in June. The Global 
Equities Research firm released a 
report the same month that notes 
that 70% of incoming university 
freshman students are coming 
with Macs. 

The success of Apple’s iOS 
devices and retail stores have 
helped consumer .sales of Macs to 
grow in leaps and bounds. In 
turn, those consumers are driving 
adoption of Macs at the 
enterprise level in schools, 
colleges, business and 
government. Of course, the Mac 
continues to dominate in its 
traditional strongholds such as 
research, creative design, media 
production, marketing and 
advertising. 

Working Mac to Mac, or in 
small businesses with a few Macs 
or PCs, is straightforward and can largely be accomplished 
with the built-in OS X tools. However, as the number of Macs 
being managed in the enterprise grows — and especially 
where Macs need to integrate with large and sophisticated 
Windows infrastructure rtinning Microsoft Active Directory, 
SMB and DFS “ tlie number of technical issues also grows, 
and the limitations of the built-in OS X tools become 
apparent. 

Along with technical issues come the organizational 
needs to negotiate integration with different groups, policy¬ 
making and considerations of support of new^ and legacy 


Mac OS X environments, future roadmaps, training, help 
desks, auditing and compliance. That’s where Thursby 
Software comes in: Us products have been addressing end- 
to-end Mac-Windows integration for 25 years. The company 
has over 50,000 Mac-Windows clients and over one million 
licenses sold. Among Thursby s accomplishments: 

• The first SMB/CIFS implementation on the Mac 
(1996); 

• Defined SMB/CIFS standards on the Mac with 
Microsoft (2002) 

• The first Active Directory implementation on the Mac 
(2003) 

• The first complete government PKt implementation 
on the Mac (2006) 

‘'Although Mac OS X 10.6 
made significant qualitative 
.strides with its native Window^s 
integration capabilities, it's 
Thursby who sets the bar to 
measure all others by,” says 
Samuel Litt, ACTC, author of 
the Mac OS X Administration 
Basics Exam Cram Study Guide, 
the Mac OS X Bible Panther, Tiger 
and Leopard Editions, as well as 
several articles for Quark's 
"XRAY” magazine. “ADmilMac 
and DAVE'S broad and 
comprehensive capa bili ties, 
combined with the company’s 
focus on CLi.stomer support, 
[provide the jiiost eloquent and 
d e pend a b 1 c M a c intos h/Wi nd o ws 
integration products on the 
market today, in turn yielding 
measurable cost savings.” 

Thursby’s produces run on 
Mac OS X 10.5 and 10.6. They're 
developed by .specialized Mac- 
Windows engineers averaging 10 
or more years of integration experience. Features can be 
added and bugs corrected without any need to change the 
particular Mac OS X version being run — a key requirement 
for enterprise level support — with no requirement to wait 
an undefined time for a fix to he made in Mac OS X. 

DAVE, Thursby’s foundation product, delivers 
commercial grade, two-w^ay Mac file and printer sharing with 
Windows. It delivers Microsoft SMB/CIFS and printing with 
Microsoft Distributed File System (DFS) for networked 
creative workflow around Adobe Creative Suite, Final Cut 
Pro, Avid and Office that are typically challenged with native 



DAVE 


The Professional Cross-platform File 
and Printer Sharing Solution 


Tl 


THIRSBY 

Software 
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ADmitMac 


Macintosh Client for Microsoft Active 
Directory and NT Directory Services 



THIIRSBY 

Software 


version 5 
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Mac OS X. DA\Ti offers 64-bii, multi-thread and multh 
processor support under Mac OS X 10.6 (“Snow Leopard"). 

ADmitMac turns a Mac into a true Active Direelory 
client. The one-stop, robust and highly scalable solution is 
designed to meet the entirety of enterprise Mac-Windows 
integration needs. It includes DAVE technology and provides 
identity and access management for Macs from either 
Window's Active Directory/Group Policy Objects (GPO) or 
Mac Workgroup Manager (WGM). 

ADmitMac offers deployment tools for Volume License 
Agreement (VLA) users. There^s no Window's server softw^are, 
Mac OS X Servers or schema changes required. 

With its engineering background, Tliursby offers free 
trials with free support of all of its products, emphasizing 
solving enterprise Mac-Window^s integration problems rather 
than claiming to solve them in advenisements, 

\\\\ 


About MacTech Showcase 

MacTech Showcase is another way for MacTech advertisers to bring 
awareness of their product or services to oar readers that gives more 
information than normally can he conveyed in a display advertisement 
Information contained in this or other showcase ortides is provided by 
the vendor. 
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Managing Software Installs with Munki 


An introduction to software deployment with Munki 


By Greg Neagle. MacEnterpnse.org 



MacEnterprise.org 

Mac OS X enterprise deployment project 




Introduction 

Managing Mac OS X machines has many Facets. Common 
tasks inclucie the initial building or imaging of machines, 
configuration of the OS and applications for use, managing user 
accounts, setting and enforcing organizationai policies, and 
inventorv'ing hardware and softw'are. Remotely assisting users 
might also come under Lite category of Mac [iianagement. 

Another very common task is installing, updating, and 
removing software on deployed machine.s. Tliere are stmie 
(organizations that build their machines with a "golden master" 
image, and then never touch them again until they are 
reimaged, but that's a rare arrangement. For most (organizations, 
there is a continuing need to add, update, and remove software 
From machines that have been deployed. 

There are several commercial tools available to assist you 
with tills task. Among these are the Casper Suite, Absolute 
Manage (formerly LANrev), KBcox, and FileWave. Tliere are also 
some free tool.s. Radmind, devekoped at the Liniversiiy of 
Michigan, is a tool to manage the contents of a filesystem. iLs 
design alkjwed it also he used as a software management 
system, and it ha,s enjoyed some popularity among Mac OS X 
administrators. 1, personally, have used it for the better part of 
a decade to manage hundreds (jf Mac O.S X machine^s. 

For various reasons, a couple of years Ligo, I began to Icxik 
at alternatives to radmind, I needed a system that did not 
manage the entire file,sy.stem and allowed greater Flexibilit}^ for 
users to decide what was installed on their machines, and I 
wanted a ,system that removed much of the tedium of adding 
new softwaie to the management system. The commercial 
solutions mentioned earlier probably w'ould have met my 
needs, but timing and finances meant that I'd have to wait a 
year before we could consider purchasing one of these 
solutions. So witli a year to wait before I could possibly buy a 
commercial solution, I decided to try writing my own software 
management utility. The result is munki. 

Although munki is relatively new ct^mpared to radmind 
and many of the commercial soluLions, it has been in use at my 
organization for over a year, and is in use by many other 
organizations w^orld-wide. 
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What Munki Does 

Munki consists of client-side tools written largely in 
Python, and is available as open-source under the Apache 2 
license at h[tp://code,google,conn/p/munki. The client tocMs nm 
on Leopard and Snow Letipard. They require Python 25, and 
so will not run on Tiger or earlier versions of Mac OS X. 

On the server side, munki can Lise any web server. 1 run 
my munki repository cm an Xsen'e running Snow Leopard 
Server, but you can use any available modern web server on 
any platform, (I .say “modern'' because some software packages 
can be over 2013 in size and older w'eb servers have problems 
serving files of that .size.) You do not need to install any munki- 
specific software on the w^eb server, but you must be able to 
create directories and files on the web sender. 

Munki can install software delivered as standard Apple 
packages - the same kind of packages, that when double¬ 
clicked, open in Apple's Installer.app. Munki can also install 
software from disk images - im example, an application 
delivered on a disk image that is supposed to be dragged to the 
.Applications folder. These 'Tirag-n-drop disk images" are easily 
installed by munki. Munki also know^s liow' to install many 
Adobe pioducts — specifically, it can install the Adobe CS3, CS4, 
and CS5 proclucts and their updates. In many cases, munki can 
alsr) remove the software it has installed. 

Munki also supports “Optitmal Software". These are items 
that are made available to the users of machines your manage, 
who can decide for ihemselves whether or not they'd like any 
of these items installed. If they choose to install an optional 
softu^are item, they can also later remove it, This feature does 
not require admin rights for tlie user, and is similar in concept 
to "Self Seivice" installs offered by the Casper Suite from JAMF_ 
Software. 

Additionally, munki can updiite softw'are it did not install 
itself You can specify that certain software should be updated 
only if some version is found already installed on a user's 
machine. 
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if Cyou_have_a_website == true) { 


measure_roi = easy; 
contact_visitors = yes; 
real_time = of_course; 
try_visistat = free; 
setup = no_brainer; 


} 

else { 

no_clue = true; 
i_use_google = sorry; 


} 

//REAL-TIME WEBSITE TRACKING 
goto - www.visistat.com; 


VisiStat 

^ Marketing GPS 





What Munki Doesn’t Do 

Earlier, we mentioned that managing Mac OS X machines 
has many facets. Many of the commercial solutions for software 
deployment also provide solutions for other facers of Mac 
management. Munki does not. Munki focuses only on software 
deployment. Youll need to turn to other tools for imaging, 
inventory, remote assistance, and preference management. At 
my organization, we're using DeploySmdio for imaging and 
Apple's Screen Sharing Ibr remote assistance. If youVe been 
reading this column for very long, it shouldn't come as a 
surprise that weVe using Local MCX for preference 
management, 

Munki Pieces 

Most of the data munki needs to function is stored on a 
web server. Munki uses three types of data: 

Installer items: these are [>ackages or disk images 
containing tlie software to be installed. In many cases, you can 
use a package or disk image provided by the software vendor 
without having to repackage or convert the installer package in 
any way. For example, munki can in,siall Firefox from the disk 
image that you download from http://www.mozTlla.com. 

Catalogs: these are lists of available software, containing 
metadata about the installer items. You, as the munki 
administrator, build these catalogs using tools provided with 
munki. 


Manifests: A manifest is essentially a list of what software 
should be installed on or removed from a given machine. You 
could have a different manifest for every machine, or one 
manifest for all of your machines. Manifests can include die 
contents of other manifests, allowing you to group software for 
easy addition to client m^inifests. For example, you could create 
a manifest listing all of the software every machine in your 
organization must have, The manifest for a client could then 
include the common-softw'are manifest, and additionally have 
software unique to that client. 

Manifests and catalogs are stored on the web ,server as 
standard Apple plist tiles in text fomiat. If you’ve administered 
Mac OS X machines, youVe almost certainly encountered plist 
flies. Tl^ey are a well-understood way to store structured data in 
a text format. Here’s an example of a simple manifest: 

<?xml version="1.0” encodina="UTF-3**7> 

ClDOCTYPE plist PUBLIC //Apple Computer//DTD PLIST 
1,0//EN" ’‘http://ww.apple.coni/DT0s/PrciperTyList-1,0,dtd''> 
(plist version™*'1,0”) 

(dlct> 

<key>cataloge</key> 

<arEsy> 

<string>production</strlng> 

(/array) 

Ckey>niai]agecl_iiiBtal Is ( / key > 

(array) 

<st ring>Flre fDx</at rin ft) 

<strinft>Thijnderbird (/string) 

(/array) 

(/diet) 

(/plist) 
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This manifest simply tells munki to kx)k for information 
about software to install in the “production” catalog, and to 
ensure Firefox and Thunderbird are installed* Munki then 
searches die production catalog for items named Tirefox” and 
“Thunderbird", and since we did not specify a version, it selects 
the items widi die latest versions. Here's what it finds for 
Firefox: 

<?5cinl version=”1.0” en[iodiiig="LlTF-8"?> 

<!DOCTYPE plist PUBLIC //Apple//DTD PLIST KO/ZEN" 

"http; //www.apple*coiii/DTDs/PropertyList -1.0*dtd'’> 

<plist version="l*0"> 

<dict> 

<key>atitoreKiove</key> 

<false/> 

<key>cata1ogs</key> 

<array> 

<st tiiig>prDduct ioii</st ting) 

^/array) 

<key > install sr_it eDt_haEh< / key) 

<strin6>lDedee22Sce&9ba4b03611b6ec75DacbccfB79f20ce5ZcbB6elba 

f6972f6DfbO</string> 

<key ) ii5ataller_itefli_lQcatiQn</key > 

<strlng>Flrefox 3,6.10.ding</Etring> 
<key>inEtaller_iteni_size</key> 

<integer> 189%</integer) 

< ke y >in s t a11e r_t ype </key > 

<et r ing>copy_f rain_diiig< / string) 

<key)inBtalis</key) 

<array> 

edict) 

<key>CFBundleld entifier</key) 

(strlng)org,mozilla,flrefox</string) 
<key>CFBijndleNanie</key) 


<Btrlng)FirefoK</String) 

C key)GFB und1eS bo rt V er sionS t tin g </key) 

<string)3,6 *10</stting) 

<key)path</key> 

<striiig)/Applications/Fl refox. app</string> 
<key>type</key> 

<string)applicatian</jstring) 

</dlct> 

</array> 

<key >1 tenis_to_copy< / key > 

<array> 

<dict> 

<key > d e s t ina t ioii_ p atM / ke y > 

<striiig>/Appllc atlonfl</attiiig> 

<key >source_itein<7 key) 

<string)Firefox.app</string) 

</dict> 

</atray> 

<key >iiilniiiiiiin__o s_ve t sion < / key > 

<string)lO.4.0</string) 

<key)naraeC/key) 

<string>Firefox</string) 

<key >uninstall_ 0 iethod< /key ) 

< string) reiiiove_i::!OpiEd_ltefflS</string) 

<key>mi±tt3tallable< / key) 

<true/> 

<key>version</key> 

<string>3.6. l0.0.0</striiig> 

</dict> 

</pllst> 

At this point, you might be intimidated by the complexity 
of this information. But don't worry, ids very easy to generate 
this info with tools that are part of munki, and we’ll cover that 
in the future. The information might kx>k less intimidating if I 
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were to remove the plisi overhead and present a subset of the 
information as a simple table. LrK)k at Table 1 for tlie result. 


Key 

Value 

Note 

Name 

Firefox 

Name of the 
item 

version 

3.6.10.0.0 

Which catalogs 
it should appear 
in 

iastallerjte 

mjocation 

Firefox 5,6. lO,diTig 

Name and 
relative path to 
the installer item 
(pkg or dmg) 

installs 

type 

application 


Inlonnation 

2 tlx)ut what this 
item actually 
installs 

patli 

Applications/ 
Firefox, app 

version 

3.6.10 




Table 1 - munki's information about an installer item 


Let's look at parts of the information that munki found 
alioui Firefox. 

Tlie most imp^jriant Held is name. Here it is "Firefox". 
wliidi inalches the name in the managed instails list in the 
manifest. When looking for information about a managed 
install, munki searches the catalogs for items matching the 
name given. If no version is given, it selects the item witii the 
highe.st version it finds. Here the version is 6.10,0.0 '. 

Once it has found information on the iiejii to l)e installed, 
munki cliecks to see if the item has already been installed. 
Munki can do this one of two ways. If tlie item to be installed 
is installed via an Apple package, munki can check for the 
receipts left when a package is installed. But .software that is not 
installed via an Apple package does not leave a receipt. And 
even for items that come in package format^ it is pos.sihle for 
s( 3 ft ware to be renK3Ved (for examjile, by dragging an 
application to the lra.sh) while leaving the receipt in place. So 
munki has a second method is can use to determine if an item 
has been installed, the installs list. For our Firefox example, 
here is that list: 


<striiig>3,6.10</string> 

<key>path</key> 

<string> / App lications / Firefox. app</st ritig> 

Ckey>type</key> 

<string>application</strlng> 

</dict> 

</array> 


A simplified version of the installs data is shown in 
Table 2. 


Installs: 

Type: .......application 

Identifier:.org. mozilla. firefox 

Name: ...Firefox 

Version:...3-6.10 

P a tfi: ../ Ap pi i ca ti ons/F i re fox. 21 p p 


Table 2 - Installs data far Firefox 3.6.10 


In this example, the installs list contains a single item. 
This item contains infomiation i^lx>ut the Firefox application 
itself. Most importantly, it has the name, version and patliname 
for the apf^lication. Munki can then use this informtition to 
determine if Firefox is installed, and if so, compare tlie version 
of the installed application to the one defined in the catalog 
information about Firefox. (Munki can often find the application 
even ii‘ it has iieen moved from its nomial location by using 
System Profiler claui and the name and identifier,) 

If Firefox isn’t found, or the version of the installed Firefox 
is low^r than the version descrilied by the catalog information, 
munki decides that Firefox needs to be installed and downloads 
the disk image Ole containing Firefox, using information from 
the iiistaller_item_location field. If we w^re using the 
sample manifest shown earlier, the check would be repeated for 
Thunderbird. 

let us assume that munki found that Firefox was out-of- 
divte, but the ctureni version of Thunderbird W 2 ts installed. After 
downloading the di.sk image for Firefox 3.6-10, munki would 
alert the user of aviiilahle updates using the Managed Software 
Update application, shown in Figure 1. 

_ 

Software updates are available for your computer, 

Updairng your software mav take some lime. If" you're rtoi ready to 
update now, you un choose to update taier. 

Name Versiori Size 

Firefo)e 3,6,10 18,6 M8 



<key>in5talls^/key> 

(arrayy 1 

(dictS , 

<key)CFBuiidlBldentif iar</key> 

<string>org*mozilla, flrBfox</stritig> 

<key>CFBundleNanie</key> 

<striT5g>Firefox</ string) 

<key>cFBui,dieshortVersionString</key> f ^ _ Managed Software Update.app 
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As you can see, Managed Software Update.app Ls 
designed to closely resemble Apple’s Software Update 
application so that users might quickly grasp its purpose 
and how to use it. Unlike Apple’s Software Update 
application, users do not need administrative rights to install 
software using this application. If the user clicks Update 
now, munki will install Firefox 3-6.10 without an 
administrative prompt. The next time munki checks, it will 
find that Firefox is installed and not attempt to install it 
again. 

The installs list also bestows munki with another 
feature: automatic repair. If a user (with administrative 
rights) were to remove Firefox (by accident or on purpose), 
munki will notice and reinstall the application. For more 
complex software installs, munki can check for the existence 
of multiple items - not only applications, but other 
filesystem items as well. If any of the items in the 
installs list are missing or out of date, a reinstall is 
triggered. 

To remove a software item from a machine, you’d edit 
the manifest for the machine, moving the item from the 
managed_instails list to the managed_uninstails 
list. If we wanted to remove Firefox, the edited manifest 
might look like this: 


version=‘*U0" encodiiig-''UTF-8”?> 

<!D0CTTPE plist PUBLIC “'//Apple Computer//DTE PLIST 
1,0//EN" “http://www.apple,cotfl/DTOs/PropertyLlst-l.0.dtd"> 
<plist versloti==“l*0"> 

<dict> 

<key>catalogs</key> 

<array> 

<.£tring>tGatlng</string> 

</array) 

<key>iiianaged_installs< /key) 

<array> 

<string>Thunderbird</string) 

</array> 

<key)iiianaged_uninstallfi< /key) 

<array) 

<fitrlng)?irefox</string) 

</array> 

</dict) 

</plist> 

This time well run munki from the command line: 

>/usr/Iqcal/munki/maaagedsoftvareupdate 
Managed Software Update Tool 
Copyright 2010 The Munki Project 
http://code.google.com/p/munki 

The following items will be removed: 

- Fitefox 

Run managedsoftwareupdate -Insta11only to Install the 
downloaded updates. 
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Munki sees Firefox in tlie list of 
managed_uni ns tails, and uses the information in the 
installs array we discussed earlier to determine that 
Firefox is installed. Munki then schedules Firefox for 
removal. From the GUI, the scheduled task looks like 
Figure 2. 



Software updates are avaUable for vcrur computer. 

Updating your software msy take some ome. If you're not ready to 
update now, you can choose to ixpdate larer. 


^tanne Version Size 


Software rernovats 


SchedulNl removal of managed software. 

Figure 2 - Software removal 


In the interface presented to the user, details about 
software removals are hidden by default (though the 
administrator can override this if he or she would like). 
This is to discourage users from deferring updates 
indefinitely because they don't want a certain application 
removed, 

Munki Behaviors 

This is a good time to discuss a major part of munki s 
design. Munki is designed to be polite, ft never installs 
anything under a currently active user session without the 
user's approval. If no one is logged in, munki will by 
default install or remove sofmare automatically, hiding the 
loginwindow and presenting a status window. If a user is 
logged in, munki notifies the user of updates and allows 
the user to either update right away or defer the update 
until later. Munki also handles multiple user logins (via Fa.st 
User Switching) gracefully and will not install items if more 
than one user is logged in (as doing so could cause 
switched-out users to lose work). 

Administrators can customize these behaviors, 
configuring munki to never bother the user with available 
updates (therefore w^aiting to install all updates when no 
user is logged in), or the inverse - telling munki to never 
automatically install software when at the loginwindow, 
and instead always requiring user consent for all updates. 
Administrators cannot, however, easily configure munki to 
force an install or removal while users are logged in. 

To Be Continued... 

This month, weVe presented a basic introduction to 
munki, an open-source utility for managing software 
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installs, updates and removals on Mac OS X machines. Next 
time, well dive a little deeper and set up a proof-of- 
concept installation of niunki on a standalone machine. 
This will include both the munki client tools and a working 
munki server. Weil then explore more of the munki toolset 
and look at creating munki catalogs - the listings of 
available software munki uses to determine if a piece of 
software needs to be installed or removed, and if so. how' 
to complete the installation or removal. 

In the meantime, if this mt>nlh's column has piqued 
your interest, be sure to check out the resources available 
on the munki Google Code website at 
http://cocle,google.cDnn/p/murTki, and browse the archives of 
the munki-dev Google Group at 

hUp://groups.google.com/group/munki-dev. Until next 
month, have fun munki-ing around! 
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The Receipts Database 

How post-10.4 systems keep track 
of installed software 


r ^ 

by Jose R.C. Cruz 


Introduction 

Since the release or OS X 10.5, software 
delivery gained two new and notable features. 

Firs! is iht\/lal-packa^i>e format. This format 
combines die payloads, scripts and metadata 
into a single file. Then there is the r(^ceipLs 
database, which uses a central File to track 
each installed payload. 

So, in today's article, we take a close look 
at this database and learn how it aids in 
software delivery. We will study its underlying 
record structures, as well as how each 
struct Lire relates to one anodien And we will 
explore three software tools that we can use 
to access the daLaba,se. 

Readers are expected to know their w^ay 
around a Terminal session. They should also 
be familiar with the OS X installer sy.stem. 

Tracking The Payloads 

When an installer package delivers Sts 
payload, it leaves a recoitl of its actions on the 
target system. This record then serves as a 
guide for future i:)ackages that may Lifxlate or 
replace said payload. The same record may 
even aid uninstallers in removing that same 
payload. 

Now the package format dictates the type 
of record left on the target. If the package 
uses a flitudie format, like a meta- or distribution package, 
its record is in the form of a receipts bundle. But if the 
package uses the flat format, its record is then in the 
form of a receipts daiahase. At the rime of writing, package 
bundles are supported in all OS X releases, from 10.1 to 
10.6. Flat packages, however, are supported only on OS X 
10.5 (Leopard) and 10.6 (Snow Leopard). 

Both receipts bundles and databases reside in the 
standard directory /Library/Receipts. 



Figure 1* Structure of a receipts bundle* 


The receipts bundle 

Figure 1 .shows the contents of a typical receipts 
bundle. The bundle has the single sub-directory named 
Contents. Inside that sub-directory are five files and the 
sub-directory Resources. The file Archive*bom supplies 
a hiii-cf-maleriais, a list of files that make up each payload. 
The XML file Info*plist holds the general meta data for 
the entire installer package. The file Pkglnfo gives the 
package’s type and creator codes, while the file 
version - pList gives the various version strings. Finally, 
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a.receiptdb 


s paths 


groups 


j- 1 j-' r 

|l pkgs^paths * pkgs_groups 


acls 


shals 


ir 


oldpkgs 


taints 


tables 


patliB_path_idJK 


pkgapath a^pathkeyidx 


p]iga_pk9id_idx 


pkgmpa tlLS_pkgJcef_ldx 


indices 


Figure 1. Anatomy of the receipts database (10,5 target). 


the file foo-dist holds the scripts 
and localized strings that define the 
installer package. This file^ however, 
appears only in distribution packages. 

Receipt Inindles have the 
advantage of being easy to manage 
and remove. Often, a well-written 
shell script is enough to access a 
bundle’s files and query the stored 
data. On the other hand, receipt 
bundles are much harder to 
authenticate. Some of the file data are 
redundant, as they remain the same 
acros.s several liundles. Also, too 
many bundles can waste valuable 
space, and are much harder to 
organize and parse effectively. 

The receipts database 

The receipts database exists solely on 10.5 and 10.6 
targets. MacOS 10.5 uses the sub-directories db and boms to 
hold its receipts data (Figure 2). In the db sub-directory 
goes the database file a.receiptdb, which uses an 
SQLite format. In the boms sub-directory goes the bil!s-of- 
material supplied by each payload. 

Being a database, the a.receiptdb file can supply 
more data on each insialled payload. It can present its data 
in more organized and logical fashion — it comes as one 
compact file. On the other hand, only a small set of tools 
can properly access the database file, let alone alter its 
contents. Plus, access to the file will require admin 
privileges. 

/Library/Receipts 



a,receiptdb 


Dissecting The Database on 10.5 

Hie receipts database on MacOS X 10.5 is made up of 
ten tables and five indices (Figure 3). The engine that 
created the database is SQLiteS, which uses SQL92 as its 
query language. The tables and indices shown in the 
diagram are those that store payload data. Exclude from the 
diagram are those tables and indices used exclusively by the 
SQLite engine. 

The tables 

The three primary tables of the receipts databases are 
pkgs, paths, and groups (Figure 4). The pkgs talile 
shows the payloads delivered by each installer package. It 
consists of seven records fields, with the pkg key field 
serv'ing as the primary key. The pkgid field gives the 
bundle id of each payload. The ppath field gives the 
location wherein the payload resides on the target system. 
The vers field is the version tag of the payload. The owner 
field is the default UID id) of the payload, while the 
timestamp field is the time of the installation in POSIX 
seconds. POSIX uses 1970 January 1 as its point of 
reference. 



pkgidIvarchax path;varchar 


ppathivaxcbar 
replaces:integer 
veresvarchax 

JOWnar 3 integer 
timeetarop:integer 


groups 



groupid;varchar 
owner:integer 


Foo.bom 


Figure 2, Structure of the receipts database (10,5 target]. 


Figure 4, The primary tables. 
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The second primary tal>le, paths, lists 
the locations of each file from each payload. 
IL has only two fields: path_key, which 
serves as the primary key; and path, which 
holds a file’s complete path string. The last 
primary table, groups, lists the groups that 
each payload belongs. Not all installer 
packages update this table. So far, the only 
known package that does is Apple’s Xcode 
installer. 

All three primary tables use 
incremented integers for their keys. The first 
record in each table gets a starling value of 
L The order in which each record appears 
in the table reflects the order in which each 
payload was installed. 

Next, the receipts database has two 
secondary tables: pkgspaths and 
pkgs_groups. These tables link each 
primary table with one another. For 
instance, the table pkgs paths (Figure 1) 
shows how the records in the pkgs table 
relate to those in the paths table, h 
supplies three more record fieldsi uid, gid, 
and perms. The uid field gives the U1I> 
assigned by the target system to the installed 
payload. It may not be the same UID in the 
owner field from the pkgs record. The gid 
field gives the payload's GID {group k!], also 
assigned by the target ai installation. The 
perms field gives the payloads POSIX 
permission.s as an octal Hag. 

The table pkgs_groups (Figure 6) 
shows how the records in the pkgs table 
relate to tho.se in the groups lalde. Here, the 
relation is simpler and the table has no extra 
fieJd.s, 

Lastly, the receipts dataha.se defines four 
support failles ( Figure 7). These hold further 
data on each payload, except that data is not 
directly relevant to the install process. 7b 
start, the acls table gives the access control 
lists of each installed payload. Access 
control lists (ACLs) serve a similar role a.s 
POSIX pennis-sions. Whereas POSIX 
permissions are used in local installs, ACLs 
are used more in network iuskdls. 

Next, the shal table gives the 
checksums of each payload. The checksum 
is generated for each payload file with an 
SHA-l algorithm. Not all payloads leave 
emries in this table. 

The support table taints is an 
unknow-n one. Its name and fields implies 
that it keeps track of payloads that were 
altered upon installation. A basic install 


, pkgs 

1. 

paths 

pkg key;integer 








\ pkgs_paths / 

1...N \ 

pkgkey:integer 
peth_key:integer 

/1 


uid;integer 
gid;integer 
perms;integer 


Figure 5. The secondary table pkgs_paths. 



Figure 6. The secondary table pkgs groups. 


acls 

oldpkgs 

pXg_key:integer 
path_key:integer 

acitvarchar 

shals 

pkg_key5integer 

pkg_key:integer 

replaces:integer 

path_key;integer 

replacedby:integer 

shal!blob 

pkgid:varchar 


owner;integer 


ppath:varchar 


timestamp!integer 

taints 

vers!varchar 

pkg_key;integer 


taint:varchar 



Figure 7. The support tables. 
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Figure 7. The support tables. 
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session rarely, if ever, leaves an entry in this 
table. 

On the other hand, the oldpkgs table 
keeps track of payloads that replace or update 
existing files. It uses many of the same fields as 
the pkgs table, except these fields provide data 
on the affected payload, not the one being 
installed. Plus, the table defines two more fields. 
The replaces field holds the record key of the 
affected payload before the current one. The 
replacedby field holds the key of the payload 
affecting the current. Both keys point to a 
specific record in the pkgs table. 

The indices 

In the SQLite database, an index improves 
query speeds by collecting specific fields into 
one fast lookup table. The fields are chosen 
based on their frequent use and on their overall 
relevance. 

Figure 8 shows four of the indices in the 
receipts database. The first two indices u.se a 
single record field to build their lookup tables. 
For the index paths path idx, that would 
the path field from the paths table. For the 
index pkg$_pkgid_idx, it is the pkgid field 
from the pkgs table. Both fields are of the 
varchar type, which implies string data. 

The next two indices use two record Reids 
to build their lookup rabies. They use the same 
set of fields, but arrange them in oppo.sing 
orders. The index pkgs path s_pathkey_idx 
has the path key field before the pkg_key 
field, while the index 

pkgspathspkgkeyidx has pkg_key 
before the path_key. Both fields are from the 
.secondary table pkgs_paths and both are of 
the integer type. 

Dissecting The Database on 

10.6 


MacOS X 10,6 uses a different database to 
track its installed payloads (Figure 9)^ its 
database is a property-list file named 
InstallHistory-plist, This is a simpler 
format, one accessible by most text editors. It 
does not require admin privileges and it does 
not rely on the SQLite3 engine. On the other 
hand, the file holds less information about each 
payload than the 10.5 database. 

The 10.6 target also keeps the bom files of 
each payload in the POSIX directory 
/private/var/db/receipts. This is where 
it keeps the property-list files that describe each 
payload component. 


a.receiptdb ^ 



paths_path_idx 

pkgs_pkgid_id3t 


path:varchar 

pkgidsvarchar 


pkgspathsjathkey_idX 

pkgspaths_pkgkey_idx 


path__key: integer 

i pkg_key;integer 


pkgkey;integer i 

path_key:integer 


Figure 8. The table indkes* 
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Figure 9. Structure of the receipts database (10.6 target). 
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«array» 
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^ Dictionary 


date;date 

displayNames string 
displayVersion:string 
packageldentifiers:array 
processWame:string 



Figure 10. The InstallHistory. plist file structure. 


Foo.plist 


, InstallDate\date 

InstallPrefixPath:string 
InstallProcessName:string 
PackageFileName:string 


Packageldentifier:string 
PackageVersion:string 


Figure 11. The component file structure. 
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The InstallHistory file 

This file keeps its record entries as an 
array of dictionaries (Figure 10). Each 
dictionary uses five fields to describe an 
installed package. 

The first field date gives the date when 
the package was installed. Unlike the 
timestamp field from die pkgs table, this 
field holds an NSDate value, which uses 
2001 January 1, GMT as its reference. The 
displayl?ame field gives the name of the 
package; the display Vers ion field gives 
its version. And the process field names 
the tool used to deliver the package. This is 
usually the Apple Installer tcKil (default), but 
it can be another diird-party took 

Finally, the packageldentifiers 
li.sts the bundle IDs of each payload 
component, The same bundle ID names the 
plist file for that component. 

The component file 

Figure 11 shows the fields dial make up 
the component file. The field 
InstallDate holds the date stamp of the 
installed component. Like the date field in 
InstallHistory * plist, this too is an 
NSDate value. The InstallPrefixPath 
holds the root or starting directory of the 
installation. The field 

InstallProcessName names the tool 
that delivered the conip{)nenL. ThLs again is 
often the Installer took 

Next, die field Package?ileName 
names the competent package that carried 
the files. The field Packageldentif ier 
gives the bundle ID for that package. Its 
value should nicUch the name of the 
component file. Finally, the 
PackageVersion gives the version siring 
for that component. 

Browsing The Database 

Two tools exist that allow us to view 
the contents of our 10.5 receipts databa.se. 
These tools can also alter the contents, but 
such action is inadvisable as it could render 
the install history inaccurate. 

The first tool is the freeware utility 
SQLite Database Browser. It uses a single 
window (Figure 12) to display the record 
structures and data inside any SQLite 
database file. The window itself divides into 
three tab panels. The first panel, Database 
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Figure 12, The main browser window* 
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Figure 13. Viewing the receipt records. 
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Figure 14. Processing an SQL statement 
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structure, shown here, is where the browser shows the 
tables that make up the database. Clicking a table's name 
displays its record structure. Shown next to the table name 
is the CREATE statement that formed the table. 

The second panel, Browse Data, is where we view the 
records held in each table (Figure 13). To choose a specific 
table, click the pop-up menu Table and select the table’s 
name. The panel then lists the records in the order that they 
were added to the table. It also truncates a field value 
should the latter be longer than its allocaied column. To see 
more of the field value, dottble-cUck the ceil thus placing the 
value in an edit dialog. To resize a column, drag the borders 
on the list header with the cursor. 

This panel also displays a fixed set of records. To jump to 
the next set or to a previous set, click the *>' or *<’ buttons 
near the lower-left corner To jump to a specific record, 
enter the record’s row index in lower-right field, and then 
click the Go to button. 

The third panel of the browser window, Execute SQL, 
is where we run our SQL statements (Figure 14). To run a 
statement, enter the latter into the field labeled SQL string. 
Then click the button Execute query. If the statement 
returns a result, those appear in the field Data returned. If it 
returns an error, the errors appear in the field Error 
message. We can run more than one statements from this 
panel. 


The SQLite Database Browser is an open-source project, 
one hosted on the SourceForge website. At the time of 
writing, the most recent and stable version of the tool i,5 
2.0bl. it is a cross-platform tool. It relies on the QT toolkit 
library for its interface widgets. This, however, gives the tool 
a look-and-feel not quite native on each host system. 

To download the tool project or its compiled binaries, 
visit the SourceForge page at 

http:// SourceForge, net/projects/sqlitebrowser. 

Browsing with sqliteS 

Another tool for browsing the receipt database is the 
shell tool sqlite3, This tool provides direct access to the 
.SQLite3 database engine. It can run SQL queries one at a 
time or as a batch. It can save the query results to several 
file formats. Unlike the earlier browser tool, sqliteS 
integrates well with a shell script. 

We can use the sqlite3 tool in one of two modes: 
interactive or singie-iine. To start an interactive session, 
type the tooLs name Followed by the name or path to the 
receipts database. 

sqllteB a. receiptdb 

The tool launches, displays its version data and its 
'sqlite>' prompt. It also opens the database file and 
readies itself for input. To get a list of commands, type 
'. help' at the tool prompt. To see a list of database tables, 

type ' .tables' at the prompt. 

Bqllte> .tables 
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ads oldpkgs pkgs pkgs_paths 

taints 

groups paths pkgs_groups shals 

To see a list of indices, type ' .indices'^ followed by a 
table name. If the table does not have an index, the 

command returns a nil string, 
sqlite) .indices pkgs_paths 
pkgspaths_pathkey_idx 
pkgspaths_pkgkey_idx 

Finally, to end the interactive session, type ^ .exit' at the 
prompt. Note how' each tool command has a leading dot in 
its name. 

Now, to read the records from each table, we use an 
SQL SELECT statement (Figure 15). This statement takes 
three arguments: field-list, table«name, and query- 
condition. The argument field-list names the fields 
to be queried, each name separated by a comma. The 
argument table-name picks the table to be queried. The 
oplional argument query-condition defines how the 
query is to proceed. 


select field-list fjcoa table-wa;!!® j^uery-co/iditioii 

Figure IS. The SQL SELECT syntax. 


Assume we are working with the primary table pkgs. 

To list all the records in that table, use this query statement: 
select * from pkgs; 

This statement has its field-list argument set to 
This tells sqlite3 to show all the field values of each 
record. To restrict the query to specific fields, say pkg_key 
and pkgid, modify the query statement as Ibllows: 

select pkg_key,pkgid from pkgs; 

Make sure the listed fields are in the chosen table. 
Otherwise, sqlite3 will give an error message, naming the 
invalid field. 

To further cut the number of returned records, w^e can 
append a condilion clause to our query statement. This 
clause consists of one or more Boolean statements, and 
starts with the keyword 'where'. For instance, this query 
statement looks for records with pkg_key values less than 
20 : 

select * from pkgs where pkg_key < 20: 

This one looks for records with pkg key values hetiveen 20 
and 23 exclusively: 

select * from pkgs where pkg_key > 20 and pkg_key < 

25: 

The condition clause even allows .string tests, w^hich are 
done with the keyword ' like'. Here is a query statement 
that looks for records whose pkgid values start with the 
string “com.satimage”: 

select * from pkgs where pkgid like 'cam.satimage*%': 
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Here, the target string is enclosed with single quotes. The 
token ' % is a wildcard. It states that there is at least one 
character after the string. The same wildcard can also 
appear before the target string as shown !?elow. This 
statement looks only for records whose pkgid values 
contain the string “smile”: 

selecLt * fraiD pkgs vhere pkgid like '%smile%': 

The sqlite3 tool treats all string tests as case-imensUive. 

Browsing from the shell 

To use the sqlite3 tool in single-line mode, its calling 
syntax follows the structure in Figure 16. First, the tool gets 
called with a -line flag. Then it receives two input 
arguments. The argument database-file is again the 
name or path of the receipts database. The argument tool- 
command is an sqliteB command, which is marked with 
a leading dot. The allernate argument query-command is a 
valid SELECT statement as described earlier Make sure to 
enclose either tool or query commands in double quotes. 

aqlite3 “line d^taLhase-file tool-command|guery-cca]^ 

Figure 16* The sqlite3 calliitg syntax. 


To demonstrate, this statement lists the tables that 
reside in the receipts database: 

fiqlite3 line a.receiptdb ".tables'* 

This next one returns the records held by the 
pkgs groups table: 

sqlltel -liTie a.cecelptdb "select ‘ from pkga_groupg 
- returns 
^ pkg_kc-y = I 
^loup-k^^y = 1 

^ pk^_key = 2 
^ gi'oup_kcy = 2 
so on 

Notice Ilow' the tool precedes each record value with that 
record's field name. This last statement returns only those 
records in the pkgs groups table witli even group_key 
values. 

$qlite3 -line a,receiptdb \ 

"select * from pkgs^groups where [grQup_k€y 2 = 

0 } :" 

^ returns 
^ pkg_ktfy = 2 
^ groLip_ktfy 2 

# 

pkj^„key = 2 
^ grovip_kfy = 4 
^,,.and so on 

Browsing with Pkgutil 

Yet, the sqliteS tool is useless if we have to work 
'wdth the 10.6 receipts database. It is just as useless if we 
w^ant installer scripts that work with both 10.5 and 10.6 


targets. To better support l^oth targets, we rely on another 
tool, namely pkgutil. 

Unlike sqliteS, pkgutil w^orks only in single-line 
mode. It takes at most two arguments, arranged as showm in 
Figure 17. The argument tool-command sets the desired 
action. The argument tool-options consists of one or 
more option Hags, defining how the action is to be 
performed. 


pkutil ^ool-options J tool-command 

Figure 17. The pkgiitil calling syntax. 

Now some pkgutil commands require us to confirm 
an action about to begin. In an installer script, this is 
undesirable because the script has to run unattended. So to 
disable confirmation, use a —force option with the 
command. 

pkgiitil -force tool-comfcaficf 

Next, pkgutil performs its ui.sks quietly, giving only data 
or eiTtrrs as its output. To get derailed messages, u.se a - 
verbose option with the command, 

pkg^Jtll -verbose tool -comjusfid 

Or to display debug messages, use a -debug option, 
pkgutil -debug tool 

Finally, pkgutil assumes that the receipts dataliase is at 
t!ie root volume However, some packages let users 
choose a different volume to install their payload.s. As a 
result, the Installer utility will create and update a receipts 
database at llie new volume. Sr), to direct the tool to the 
right volume, pass the volume's full path to the —volume 
option. 

pkgutil -valaMU '/Volutnes/FQo* tool-comtnsnd 

Make sure to enclose the path wdih single quotes as shown 
above. Also, ensure the volume is mounted and has a valid 
receipts database. Otherwise, pkgutil wall re.spond with 
an error message. 

To make a list 

One set of tool commands returns some receipt records 
as a list. For instance, the —pkgs command lists the bundle 

IDs of all installed payloads, 
pkgutil -pkgu 

But ihe resulting li.st can be quite large and difficult to read. 
To make the list easier to read, pipe the command output to 
the more command for paging, 
pkgutil -pkgs I more 

Or use grep to show only those payloads of interest_ 

pkgutil -pkgs I grep "*i:LDtn\ . apple\. " 

Or send the output to a temporary file for Further processing 
by sed and other related tools, 

pkgutil -pkgs >) /tmp/pkgid.log 

You can also let pkgutil itself do the task of filtering. Just 
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pass a re^^ex pattern to the —pkgs command as Follows: 
pkgutll -pkgs='''com\ *apple\. ■ 

LVIake sure to enclose the string pattern in single quotes. 
The tool command -files lists the files installed by a 
given payload. It takes the payload's Inindle ID as its input 
argument. 

pkgutil -files coin► apple*pkg*CHUItLeo 

Now the list itself shows not only the files, but also the 
directories created for each payload file. So to screen out 
only the files, use the option —only-files with the 
command. 

pkgutil -’Only-files -files com.apple. pkg.GHUDL eo 

To screen out the directories, use the option —only-dirs. 

pkgTitil -only’dire -files com, apple , pkg,CHUDLeo 

You can still use grep to further reduce the li,st to the 
desired items, But be aware that pkgutil treats both 
bundles and directories as the same thing, 

Finally, the command -groups lists the IDs of each 

payload group, 
pkgytil -groups 

The command -groups-pkgs takes a group ID as input 

and lists the payloads that belong to that group. 

pkgutil -group-pkgs com.apple.DevToolsRelocatabis^pkg- 
group 

To read and render 

The next set of tool commands gives you access to a 
payload’s receipt record. Some even render the record into 


a form suitable for later processing. For example, the 

command -pkg-inf o takes a payload's bundle ID as input, 
pkgutil -pkg-info com.apple.pkg.CHUDLeo 

It then returns the record labeled as shown in Listing L In 
the version field is the payloads version string. In the 
volume field is the target V{)lume chosen to accept the 
payload. The location field gives the starling node of the 
installation. The install-time field gives the installation 
time, again in POSIX seconds, The groups field lists the 
groups under which the payload falls. 

Listing 1. Output of the tool command 

—pkg-info- 

VErelon: S. 1 . 0 , 900000 DOOO. 1 , 1192163948 
volume: / 
location: ./ 

install‘Uime: 1215285946 

groups : COIL.apple.FindSyst eulFIIE s , pkg' group 
com. apple . DevToolsNDnRelQcata’hle .pkg’group 

The command —pkg-info-plist also takes a payload's 
bundle ID as input. 

pkgutil -pkg-info-plist com.apple.pkg.CHUDLeo 

But It renders the record into a property list (Listing 2), and 
it adds two more fields to the mix. The field pkg id holds 
the payload’s bundle ID, and the field receipts-plist- 
version holds the version string of the list format. 
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Listing 2. Output of the tool command 
—pkg-in£o-plist. 

<?xral versio[i=“l *0" encoding='’UTF-8'*?> 

<!D0CTyPE plist PUBLIC 

■■-//Apple//DTD PLIST 1.0//EN" 

"bttp://WWW-apple.com/DTDs/ 

PropertyLifit-1.0.dtd") 

<pllat versiQn=''l 
<dict> 

<key>groups</key> 

<acray> 

<stting>Gom,apple♦FindSystemFileB.pkg- 
grQup</strlng> 

<string>com.apple.OevToolsWonRelocatal>le»pkg- 

groiip</stririg> 

</array) 

^key>lastall-location^/key) 

(string),/(/string) 

<key>install-tlmeC/key) 

(integer)1215285946</integer) 

(key>pkg-versiiDn</kay) 

<strlng>5.1.0,9000000000,1.n9216894E</string> 
<key)pkgid(/key> 

< s t ring) c om. apple. pkg. CHtIDLeo( / string) 

<key)reqeipt-plist-version(/key) 

(reaDl (/real) 

(key>volunie</key) 

(string)/(7 string) 

(/diet) 

(/plist) 

The command --pkgs-plist rentiers the bundle ID of 
all installed payloads into a property list, 
pkgutil -pkg-plist 

The command -groups-plist does the same task For 

payload groups. 

pkgutil -groups-plist 

And the command -export-plist returns the entire 
receipts record for a given payload, again rendering the data 
as a property list. It loo takes a payload’s bundle ID as 
input. 

pkgutil -export-plist enm,apple.pkg.CHUDLen 


To test and alter 

The last set of tool commands lets you validate the 
items installed by each payload. These commands all take a 
payload’s bundle ID as their .sole input. 

The command—verify checks the permission flags of 
each installed item. It tells pkgutil to run a separate too! 
named repair_packages. If an item (file or directory) 
has the wrong set of permissions, or if it is missing, 

pkgutil will report the problem as an error to stdout. 
pkgutil -verify com.apple,pkg,CHDDLeo 

The command -repair does the same task as the — 
verify command, but it goes a step further by actually 
assigning each item with the right permissions. 

pkgutil -repair com.apple.pkg,CHUDLeo 

Now^ .some payload items need admin privileges to have 
their permi.ssions changed, To deal with these items, make 
sure to precede the pkgutil statement with a sudo 
command, 

sudo pkgutil -repair com. apple.pkg,CFfUDLeo 

The command -forget removes all records of a given 
payload. Thus the next time you install the payload, the 
Installer tool treats the action as a ueir install, as opposed 
to an upgrade. The -forget command require admin 
privileges—always use it together witli the sudo command. 
Also, be careful when using this command, for the changes 

are permanent and irrenersibie. 

sudo pkgutil -forget com.apple.pkg.CHUDLeo 

Closing Remarks 

Both 10.5 and 10.6 targets use different receipts 
databases to track the .software payloads that get installed. 
In the case of 10.5, it keeps its receipts inside a cenimlized 
SQLile database. In the case of 10.6, it keeps its receipts in 



Mount Your 


www.kaecorp.com 


HM-GS-PO . - J 

B»ck M^wnt for AppI*™ Mac Pro 

with Individual Pull Out Mounts 


Under Desk & Rack Mounts for Mac Pro and Mac Mints 

KAE CORPORATION 






News and information 
for Apple users. 


www.macnews.com 









a central history file. Both targets preserve the bom files that 
came with each payload. But only the 10.6 target lakes the 
plist file that describes a payload's components. 

Throughout this article, studied the structures that 
form a receipts database. We examined the data held by 
each structure and how these structures relate to each other 
And we learned how view the receipt data using three 
different tools. 

So ends another coverage of the MacOS X software 
delivery system. But come back next time as we continue to 
explore softw^are delivery and learn how to best leverage it 
to our needs. 

Until then, 1 bid you w'elL 
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Thanks for the 
Memory 

A look at how memory 
is managed 
Objective-C 

Introduction 


portable interfaces into the underlying operating system’s 
memory management scheme. If your application wants to 
dynamically attain memory, it will simply pass an integer 
indicating the number of bytes it desires. Presuming that the 
amount of memory requested is available, the operating system 
wall allocate that amount, and return a pointer to the memory. 
Here, we ask for 33 bytes of memor>^ which will be assigned 
to the myString pointer 

char ‘myString = (char ‘imallpc[33) ; 

if (piyStrlng 1“ ttULL) 


1 


//We have the memory.. 


A check is made to verify that the value of tlie pointer is 
not HULL, indicating that our memory request was indeed 
fulfilled. Note tliat the size passed is dependent on die type. 
For character strings, 1 additional byte is needed for the “nur' 
terminator character. For integers^ the size is dependent on the 
architecture of the machine. Rememl^ering these details can be 
tedious, and this makes malloc [) slightly laborious in its use. 
Its counterpart nietliod free {), however, is a bit simpler: 

f ree(iiiyString): 


If there is one topic that beginning Objective-C and Cocoa 
programmers struggle with, it is application-level memory 
management. For those coming From a pure C and C++ 
backgroLind, the concept of rdaiu counts and all of the other 
ideas that accompany memory management in the Olijective-C 
environment can require an adjustment in diinking. Java 
programmers who are beginning their foray into Objective-C 
and Cocoa may also find the idea somewhat foreign, since for 
them, memory allcxation is an afiertiioLiglil given Java’s garbage 
collection model of’hise it and forget about it." (While it is true 
that that Objective-C 2.0 did introduce garbage collection, this 
feature is still out of reach at the moment for iOS developers). 

In this montlrs Det'cloper lo Dereloper, wee'll dive into the 
wearer and swim with the memory sharks, delving into retain 
counts, object leferences and the like. Mucli of tlie information 
in diis month’s article is geared toward the beginning Ohjective- 
C developer. If you’re a seasoned Objective-C pixjgrammer, 
then this will all be a review for you. 


The freeO Function .simply takes the pointer that was 
provided by the malioc O call earlier. Implementations of 
malloc () nqDically maintains a table wJiich tracks all allocated 
memory' and tlieir allocated sizes. When an application 
requests the memory to he returned to die system via free {), 
the talde is referenced, the p{)inter Ls located, and the memory^ 
is given back to the free pool. Uiis convenience makes it 
unnecessary to pass the .size of the object being returned. 

As you would e.xpect. these two Functions go hand-in-hand 
and compliment one another. One takes memory from the 
system, while other gives it liack. Tliis same pattern follows in 
C++, wJiose object model implements a cleaner way to allocate 
tincl return memory: the new atid delete methods. 

MyObject ’s = new MyObjectO : 

// use the object for some time ... 

delete s: 


C and C++ Dynamic Memory 
Allocation 

To start our dLscitssion, we ll look at how^ applications 
manage memoiy in the comnK^n piogramming languages of C 
and C++. If your background is in C, then you have certainly 
encountered and used the ubiquitous malloc {) function and 
its counterpart, free{). Both of these functions are the 
foundation of memory allocation and utilization in C-based 
programs, and for good reason. They are simple, effective, and 


Tliese metiiods provide a clean abstraction that Ls not 
present in malloc {) and free (), since the size of the object 
being allocated is a property that can be extracted by the new 
method itself Another bonus that the new method brings is the 
initialization of the object by calling its constnictor (something 
that stems from C++’s object-oriented design). Furthermore, 
note that no size needs to be passed when allocation is 
performed. Returning memory to the system with delete is a 
similarly tidy operation. 
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Yet what both C and C++ lack in the native 
implementations uf their dynamic memory allocation methods 
is a way to track the use (jF that memory’^ as it goes through the 
application. As memoiy is handed off horn one pan of the 
code to the next, it isn't necessarily clear who “owns” that 
memory and who should reairn it to tlie free memory pool 
wlien its use is coniplete. Coordination of ownership has to be 
piatined and handled by the application designer and the 
software clevelc^|>er, 

How Objective-C Approaches 
Memory Management 

In Objective-C and Cocoa, the base class NSObjeci and any 
of its descendant objects are allocated in a manner that is 
similar to C++ object allocation siiowm earlier, although with a 
bit more verbosity; 

MyObject = [[HyObject alloc] init]: 

Allocation and initialization of an object is actually a tw'o- 
step process as shown above. First, the alloc message is sent 
to the object MyObj ect, wliich causes, among other things, 
memory^ to l>e alkicated hrr tile object. Second, tlte init 
method is sent to the nevvly allocated object, This prepares die 
object for use by initializing variables, setting states, etc. 

What is not obvious above, how'ever, is that when the 
object s comes to life as pan of the allocation process, it 
inherits a value knowm as a reference counter, more formally 
know'll as the wtain count. This is a ubiquitous property that is 


part of NSOliject as well as every object that descends from 
NSObject. Upon allocation of an object, the value of this retain 
count isS set to 1. Quite simply, the retain count is an indication 
of the number of claims that have lieen made to this object. 
When another entity (such as another object) washes to make a 
claim on a taiget object, it does so by increasing the target 
objec t's retain count; conversely, when use of the target object 
is determined to be completed, it can lie Linclaimed by simply 
decreasing the retain count. 

Over tile lifetime of an oliject, its retain count can go up 
and down as other objects express an interest in claiming it for 
tiieir use. Something significant happens, however, when the 
retain count goes down from 1 to 0. This event signals to the 
underlying memory manager that the niemor}' occupying the 
object should he returned to the free pcKih Effectively, this acts 
as an implicit free() function in C, or delete method in 
C++. 

So how^ can w^e get a glimpse of an objects retain count? 
NSObject gives us the ability' to view our retain count by simply 
sending the message retainCount to an object. I’he 
following code captures the retain count in the context of a 
running application for an object s: 

tinsigned count = [s retainCount] ; 

In tlie above line of code, an unsigned value is returned 
w'hich represents the number of retains that this object has been 
sent. If you happen to be debugging your application in 
Xcode, another convenient w^ay is to check the value from the 
gdb debugger: 
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fg,db) p (int) [s retainCount] 

$2 = I 

We can Lise the above methods to verif>^ that SLibsequenr to 
the construction of an object’s instance, the retain count is set 
to L Now that we know that the retain count exists, let’s look 
at how we can manipulate it, and why doing so can he 
important in our applications. 

Why Retain Counts Are Useful 

Since the concept of letaining and releasing raemor>^ is 
built into tlie very core of Objective-C, all classes in tlie Cocoa 
and Foundation frameworks are equipped to use this feature. 
Let’s set U[^ a simple scenario that illustrates the utility of the 
retain count using the instance s of MyObject created in the 
above exampie. In this example, w^e wish to add the instance 
s to an N?^MutalilcAiniy that we have created; 

// create an array and add pur object s to ir 
MSMutableArray “^a = [iNSMutableArray alloc] Inlt] ; 

// adding s to the array will Inrreaae Its retain count 

to 2 

[a add0bject:s]; 

y/ We can use the object s for some amoLint of time... 

// Release our claliE on the object a: Itn retain count 
// will drop from 2 to 1 
[s release]; 

// Eventually we alao release the array we allocated 
[a release]: 

The act of adding s to the anay a is akin to a transference 
of responsibility. We are saying to the array a ^’please take claim 
to s and add it to whatever array of objects that you currenfly 
have.” Depending uptai what our program does next, we may 
w ish to continue using s, or we may consider (mixelves done 
with s and wish to abandon it ctmipletcly In either case, at 
some point we will hnd (mrselve.s no longer needing s and will 
want to essentially tindo our earlier allocation, returning ils 
memr>r>^ to the system, Hy sending a release me.s.sage to the 
object s, we are indicating that our interest in the olqect is 
complete. 

What may ntU he obvious is that the addObject: method 
actually .sends a retain message to the object it is adding, in 
this ca.se s, I’he retain message causes the retain count of 
the target object to increase by 1. effectively raising it to 2 in 
this case. Wheti we send our release message to s, its retain 
count drops from 2 to 1, but the object remains intact since it 
is claimed hy the array. 

How does the object s eventually go away? Notice Lite last 
line in our code fragment above will send the release 
message to our airay a, which we allocated and initialized 
earlier. The act of sending that mes.sage to the instantiated array 
object will cause it to send release messages to all of the 
objects that it holds. In our example, s, whose retain count is 
now 1, will go to 0 upon receiving this final release message 
from the array, and its memory will be returned. Incidentally, 


the array object itself is deallocated and its occupied memor)^ is 
returned to the free pool. 

More Fun With Retain and Release 

Although the above example doesn't explicitly show' it, 
w^hen an entity, such as another object, wishes lo retain an 
iastance of an NSObject, it must do so by sending a retain 
message to the object to be retained. Upon receipt of the 
retain message, the receiving object’s retain count will 
increment by 1. Continuing with our example where s is an 
instance of MyObject: 

[s retain]; 

We can verify either by inclusion of the earlier code or via 
the gdb debugger that the retain count of b is now 2. In fad, 
the return value of the above statement is the pointer to the 
same oliject s whose retain count has just Ix^en incremented. 
For purposes of illustration, we can Increase the retain count 
merely by sending the retain message multiple times in this 
nested fashion: 

Ills retaini tetain] retainlr 

This series of retain messages would cause the retain 
count of ihe object s lo increase by 3. 

Unlike llie retain message, the result of a release 
message is void, and returns no value whatsoever. The objects 
retain count is merely decremented by 1. As we discussed 
earlier, once the retain count goes from 1 to 0, the memory that 
the object occupies is rcturncLi to the free jnemory pool, and 
the object then ceases to exi,st. 

Not properly Ixilancing retain and release messages 
can cau.se much pain and time in the debugger. Let's take a lcK>k 
at the two scenarios that can lead to niisery; over retaining and 
over releasing. 

Getting Into Trouble 

Objective-C put memoiy management into the hands of 
the preagrammer, and as such, there is a responsibility that 
comes with wdeiding such power. With retains and releases 
performed in the [iropcr order, all is well and the lifetime of an 
application's objects are managed apj^ropriateiy, The woM is 
beautiful! But tilings ean go wrong. Wiiat happens wiien they 
do? 

The tw(] common symptcjms of unbalanced retain and 
release me.ssages in Ohjective-C applicatioiis are (a) memory 
leaks due to under-releasing or over-retaining, and (h) crashes 
which can result fi-oin over-releasing or under-retaining. One is 
more of an immediate catastrophe, w hile the other is akin to a 
ticking time bomb. Both should be avoided. 
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Memory leaks and Under-Releasing 

Let's consider memory leakage first. A memory leak in 
programming parlance is considered to he memory that has 
been allocated but is never returned to the free memory^ pool 
during the lifetime of an application. Depending upon how 
much memory is involved, severity of leaks can range from 
innocuous, lo inconvenient, to catastrophic. It is the equivalent 
of filling your stomach at an all-you-can-eat buffet, then hauling 
more food under your arms when you leave. You're potentially 
starving others! 

It's quite easy to see how^ memory leaks can happen - just 
retain without releasing (over-retaining), or allocate and 
initialize an object w ithout bothering to release it at some point 
(under-releasing). The memory^ tliat the objeel occupies will 
stay unavailable long after the object has finished being usecl, 
and will only be returned to the system once the application 
itself terminates. 

Crashes and Over-Releasing 

On the other end of the spectrum is the (>rohlem of over¬ 
releasing (or under-retaining). ITiis can come about wiien an 
over-zealous object sends one too many release messages to an 
object, causing its memory to prematurely return to the system. 
In the meantime, another object has a reference to tliat memory; 
and mistakenly believes that it has a valid reference to the 
object. Any access to that object may cause an immediate or 
deferred crash, depending on witen exactly the memory is 
returned and if it is reallocated to some other object. 

Because of the insidious nature of over-releasing, the 
application eventually crashes, and it is this ty^pe of problem 
that can be challenging to track down and fix. Luckily for us, 
Apple has included some clever tcx^ls in its Instruments 
application (available with the Xcode developer tools) that can 
assist in locating problem areas related to over-releasing. Well 
explore this tool and the techniques to diagnose memory- 
related crashes in next month's Developer to Developer. 

Summary 

Llnderstaeding how applications manage their objecLs' 
memory^ in ilie Objective-C environment is crucial to insuring a 
well-behaved and w'ell-mannered program. Tlie retain count 
approach is emlx^dded into every object tliai stems from 
NSObject, including Apple’s Cocoa and Foundation 
frameworks. While Objective-C 2.0's garbage collection lessens 
the burden on the programmer for managing memory, iOS 
developers are still expected to manage memory^ in their 
applications, and as such, the topic is still one worthy of study. 

Next month we'll go further into Objective-C memory’ 
management by looking at a special subclass of NSObject that 
we can use to see how our objects are using memory. We'h also 
visit the NSAutoreleasePooi object, which gives us a convenient 
way to defer the release of an object and the return of its 
memory' to the system. Until then, I highly recommend tliat you 


read the resources in the Bibliography and References section 
below. It will expand on the ideas presented in this article and 
give you a solid foundation to pursue your development efforts. 

Bibliography and References 

Apple, Mentor}* Managemetit Programming Guide. 

http://devebper.apple.com/libmry/mac/doc urn entation/Cocoa 
/ConceptuQ I/Mem oryMg m t/Memory Mg m t. pd f 

Hillegass, Aaron. Cocoa Programming for Mac 0,S'X AddLson- 
Wesley. pp 40-43. 

Kochan, Stephen G. Pfvgramming in Objec!we-C 2.0. 

Addison-Wesley. pp 405-422. 

iTili 


About The Author 

Busy G. Pitre Bves in Smthwest lommia and is 
the lead developer at fee-Soy where he also 
msults on Mat and iOS pro/ects widi a vartety 
of {Beats. He htdds a Master of Sdeitre in 
Computer Science from the University of 
Louisiana at Woyeife. Besides Mat 
programmiag, his Ao&Aies and mterests indude 
retnMmnputing, ham raiBo, vemfi^ nme^e aid 
arcade game restoration, and phymg CqiHi music You cm readi Ann nf 
Acisy@iee-Aoy.c(Mn. 




W^\ i n V i s i b L e 

r JSHIEUD 

^'"TOUGHNESS 

PERSONALIZED 

STYLE 


www.ZAGG.com/SKINS 


AA/OMH 













1_J 

n 

LJ 

n 

■_j 

r 

1 _1 


i_j 

n 

LJ 

r 





CORESEC: SECURITY TOPICS FOR ADMIHISTRATORS AND PROGRAMMERS 


Is Your Mail Really Safe? 


An overview of current mail-delivery methods 
and their security options 

By Michele (Mike) Hjorleifsson 



Introduction 

Email Ls ilie lifebicxxl of nio.st organiz^itioas. Countless 
numters of emails are sent and a'ceived daily by millions U not 
billioas of people throughout tlie world ever>' day* But how safe 
is your email system? More impt^rtanlly w^ho else can read your 
emails? in this month's segment we will review^ the basics of email 
services on the Internet. Tlie current security mtxiels and the 
misconceptions tliat go with them and how you can better ami 
your organization to deal wiili delivering mail securely. Wliy write 
an article on email you ask? A*s a trainer 1 teach dozens of 
administmtors every year and tJiis summer 1 liegiin ptxsing 
quesiif)ns aliout mail security to get a pulse of what adniinisinttors 
are implementing and w'hat the general consensus ahoul mail 
securit^^ is* To my surprise there were some consistent 
misconceptions and general misunderstandings aliout how .safe 
their email servers and the conesponding emails are. 

Email Primer 

From a ten thousand foot view, email client and server 
software seems very simplistic. A user creates an email presses die 
send button in their favorite email client and the message goes to 
the mail server and out to the recipient's mail .server where it waits 
for the recipient to read or downlcrad the message* Behind the 
scenes and a little deeper we can -see that the client softw-are use.s 
one protocol to retrieve messages from the server and another to 
send messages, typically IMAP (Internet Message Access Protocol) 
and SMTP (Simple Mail Transfer Protocol) respectively unless you 
are an Microsoft Exchange user in which atse it can lie Id^C. 
WebDAV, Web Services, IMAl^, POP, or NSPI for retrieving niiiil and 
SMTP for sending mail. For the purptjses of tiiis article we will 
stick w'ith IMAP and SMTP. 

Administrators of mail serven? typically install a TLS/SSL 
(Traasport Layer Security / Secure Stxrkets Layer) certificate (eidier 
self-signed or issued by a Web Trust certificate authority) to secure 
their mail and leave it at that. Surely TLS/SSL 5ecurit>" is enougli to 


protect the trarLsmlssion and retrieval of email from our mail 
servers, isn't if? 

Is SSL Enough 

Most administrators have lx;en lead to l:x;Iieve or haven’t been 
exposed to the imer intricacies of maO delivery and assume 
applying a TLS/SSL certificate is enough to protect their 
organizaiions email Looking a little bit deeper will help you make 
more Infomied decisions aixiut securing your oiganizations 
emails* Using Apple OS X Server’s Mail Service as an example, 
when you apply an TLS/SSL Certilicate yon have tlie options to 
"Use”, “Don't Use’\ or ^‘Require *SSL for IMAP or SMTI^. 

“Don’t Use” is the most simple option to understand. 
With this option .selected, SSL ccjmmunic:ations me not utilized at 
all, which is technical tenninf>log>' for your emails are going to be 
sent out into the world in simple plain text, totally unpRitected. 
This is typically not tlie preferred option for a myriad of reasons, 
not tlie least of which is compliance with industry or other 
government regulations for which your oiganization may be fined. 

“Use” is the option that tends to confiise most folks, it 
seems by its terse nature that if yfju select Use thiu your email 
sender will Use TLS/SSL communications for IMAP and/or SM'IT 
communicaiioas but that isn’t akv'ays ilie case* For instance, if your 
mail server attempts to send my mail .server a message it will 
anempt to negotiate a TI*S/SSL communication, assuming my 
server is semp lor TLS/SSL then a secured communic'ation ensues. 
But the assumption is a big one, if my server is not setup to utilize 
TLS/SSL communications your server w^ill “dowmsliift” and send 
the message anyway in plain text, 'lliafs right: all your hard work 
prcKuring and installing die certificate to protect your server was 
for naught* 

“Require” is i^rilliant in iLs simplicity', if tlie corresponding 
mail server your mail service is communicating with is setup lor 
TLS/SSL communications then the mess^ige is delivered, ii’ nt)l tlie 
conversation is tenninated and the mail returned to the sender. 
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double the juioe! 
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hard case for iPhone 3G/3G5 . 
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While this may cause some inconvenience, most administrators 
have taken the step to install IIS/SSL and this rarely causes issues. 
Ttiough, when administrators decide to use self-signed certificates 
to secaire the SMTP portion of their server, otlier parties may not 
trust tliat certificate (because it is self signed) and tfien terminate 
the deliveiy or receipt of a message. Using root signed (or 
WebTmst) cerrificates will prevent tliis Issue horn arising in your 
infrastructure. 

Even if you have taken the precautions to setup TLS/SSL 
coiTununications, or even taken tlie funher step to “Require” the 
service to speak securely then your message will be delivered in 
an enciy'pted conversation with the corresponding seiver. Once it 
geLs to my server anyone witli access to ill at server can read that 
email with the right credentials, and whats more, they can modify 
the message wathout the desired necipiencs’ knowledge. This may 
be ok if you trust that the recipient’s administrators are taking the 
right precautions to ensure that no one can sncx)p about inside 
tlieir mail ser\^er. But what if you can't mttke that leap of trust or 
can't leased on your otganization,s policies or some other 
regulation? 

An Administrators Options 

Tw'o options exist to aid administraiors in delivering un- 
rainpered email from one paitv' to anc^ther paity; The first Ls called 
a digital signature, where as you create and install ceriilicates for 
each of your users and train or seluji their mail clients to digitally 
sign each email, or yoLi can digitally sign the email using a signing 
serv'cn A signing server is an SjMTT relay that you |X>int y<;ur SMTP 
service to send all mail to. Hie relay w ill then use a signature for 
y^oiir organization on every^ email instead of one for each 
individual user, Tliough there are implementations where the 
signing seiwers can lo^llaIp and digitally sign emails on a per user 
lia.sis (basically if stores a ceUificate for each of your users) that Ls 
the exception rather than the lule. 

So what does this digital signature do? In essence it acts 
like a digital version of the old w^ax .seiii you have seen in so many 
movies about the Middle Ages. It runs a mathematical computation 
on tile data and creates a signature based on tliat data. If a single 
bit in the email is changed tlie signature will fail its corresponding 
calculation at the recipients' email application and the tampering 
will he evidenced All modern email client softw^are suppoits 
digital signatures smfilemented using the S/MIME 
(Secure/MuItipurp(3se Internet Mail Extension) wliich OS X Server, 
Exchange lioth suppoii as do all otlier major players in the mail 
service arena. 

The second option actually encrypL-^ the email, ensuring onty 
the recipient can open the email. That sounds optimal, liut setting 
it up is quite more involved. The recipient has to have a public 
and private FKl key pair and has to iransmii the public ke)^ to you 
prior to you sending him or her an email. You install the public 
key on your machme(s) and utilize that key to enciypt the 
message you are sending to die recipient. Since they are the only 
paity W'ith the private key, tliey are the only one diat can decipher 
the enciyption and read die email. 
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The good news is that Keychain and A[>j.ile Mail make this 
quite easy. If the intended recipient sends you any message tliat 
is digitally signed, that digital sigruiture contains their pul^lic key, 
you just doul>le<lick to install that key and whenever you address 
an email to that recipient you will see a IcK’k icon in Apple Mail 
which you can tlien use to encrypt die message. 

One very^ large caveat though, as an administrator you 
are going to want to esciw the private keys of all your users to 
ensure you can decrypt these messages at a later date. \Vhy? Well 
if you donh and that recipient suddenly wins the lottery^ and quits, 
no one, and I mean no one will he able to decrypt rhcxse messages 
once the private key is lost or destroyed. 

Your organization can setup a certifiaite authority using 
the builrdn tools pr()vided by Apple’s Certificate Assistant (located 
/System/Lihraiy/Core Services) or install an tjpcn source cenilicate 
auditirity like OpenCA or EJBCA, or even subscribe to an 
outsourced service that c’^m liandle the ceitiheate authority 
functions. Linfortunately key escrow Is another maiter your and 
your organizational peers will need to determine a storage and 
retention policy and set of prcx:edures for hatidling key escrow^he 
PGP® Key Management Server c:an be deployed to provide key 
issuance and escrow' capabilities via an integrated and 
comprehensive interface. 

Additionally PGP can provide other encryption 
technologies such a,s Pull disk enciy^ption w'hicli are also txaind to 
the same key set issued to the Liser for email and otlier encryption. 
There is afso an open-source component to PGP, called 0|xmPGP, 
w hich was established to provide infonnation and adoption of the 


PGP encryption algorithms and techniques without fear of vendor 
lock in or proprieUiry' technology^ kx:k in. 

Conclusion 

hmail is a critical function of tocliy’s infonnation technolcjgy 
infrastructure but it Ls inherently designed for s^xxxl and reliability, 
nor security/. 0|>tions do exist to allow you, the administrator, to 
take precautions on how your mail is transmitted and even to 
ensure tlie mail is either tamper evident or totally encry^pted. Know/ 
that you are anned widi knowledge of youi’ options you can tnake 
an infonned decision for your organization, , _ _ 

iiii 
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AppleTV 

Good, but no 
replacement for cable 

by Dennis Sellers 

Tlie new Apple TV [s a t^olid update to Applets 
“hobby” but it's not a “cable killer" as I hoped it would 
lx? (sorry, Comcast - well, no, I'm not). Of course, that 
would be expecting a lot from an IIS$99 device. For a 
device that streams content from my Mac AND lets me 
access Netflix, it's a good upgrade for folks like myself. 

Set-up is easy — far easier than with its predecessor 
as there’s no need to enter a numeric code in iTunes on 
your Mac to sync the Apple You connect the Apple 
device to an HDT\' via a HDMl cable (not included) and follow 
some on-screen prompts, and you’re good to go. Also, the new 
Apple TV is small - surprisingly so - that it doesn't take up 
much space among your TV sePup, which, if ids like mine, has 
various devices atrached. 

You can set up the Apple IV with more than one 
computer on your home sharing network to stream to the TV, 
allowing for convenient access to video, photos, and music 
you've got stored on your Mac or PC. Strangely, you turn on 
Home Sharing in iTunes, not via the Networks option in Mac 
OS X. 

You can only rent movie.s and TV show^s via the new^ 
Apple TV, not buy them as before as the new' incarnation has 
no built-in storage. You can still buy videos via your Mac, 
however, and stream them to the Apple IV, As for the rental 
prices, they’re reasonable: HD movies start at $3-99 and HD TV 
shows go for 99 cents: rented movies stream crisply with few 
artifacts. 

One of the killer features of the new^ Apple TV is Airplay, 
which allows content to lie .streamed from an iPad or other iOS 
device directly to yc^ur TV This means you can watch part of 
a movie on your iPad, then begin streaming tlie movie to your 
teievision wlien you wish. Aid May wx)rks seamlessly and is 
very, very cool 

Another nice touch: if you have an iDevice, you can 
dcmmload Apple’s free Remote app from the Apple App Store, 
and use the device as a remote control for the Apple TV. 

Tliough 1 like the Apple TV overall, there’s plenty of room 
for improvement. To wit: 

° You can dow nload shows from Netflix, but you can't use 
Hulu Plus or Vimeo. You can look at pics on Flickr, but 
not Facelx:iok. Among TV broadcasters, only ABC. Fox. 


Disney and tlie BBC have joined the Apple TV party so 
far. 

'^Though 1 like ilie IIDMI connection, if you need 
componeni or composite <xiiputSt you’re out of luck. 

There's also no Apple TV App Store as some expected. 
But I imagine that’s coming sooner than later. After all, 
die (jongle TV is looming and it wall come with a store 
that sells, among other things, games that users will be 
able to [ilay on Google TV. [ think an Apple store will be 
announced before the holidays — and make the Apple 
TV^ a not-incon.siderable gaming device. 

° Most movies are in HD (720p). but serious movie buffs 
are going to want lOHOp. 

The Apple TV is a big improvement fre^m ''Take Two” of 
the device. And it has a lot of untapped potential In addition 
to gaming, hopefully weTI see multiple app-like options for 
accessing video and audio content from a variety of third-party 
sources, rather than forcing everything to be bought or rented 
dirough die iTunes Store. 

...Then the Apple TV might begin evolving into a real 
cable/satellice TV competitor. 

\\\\ 
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THE MACTECH SPOTLIGHT 

Andrew 

Pepperrell 

http://alfredapp.com 


What is your company? 

Running with Crayons ltd 

What do you do? 

rill the creator and developer of Alfred, a prcKluctivity upp 
for your Mac. 

How long have you been doing what you dc^ 

1 graduated in '99 horn Soiithamplon University with a 
Computer Science degree eoncenimting on Ul/llCL Since tlien, 
rVe been wtirking mostly as a Java III progranimer with Swing. 1 
started looking into and reading about Mac devekipment a 
years ago. !n Januaiy 2010, I started developing for Mac and 
launched Alfred in late Pebruaiy^ 

What was your first computer 

A ZX Sjx^ctmm 48k in tlie early 80s. 1 used to spend hours 
at a time typing in code that 1 didn't understand, copied from 
magazines I’d Ixiuglit. ^i|Would either not work because of a 
single error I dy^; how to fix on line 1642 or dc? 
something nib^Jp like|jcroll my name aci’oss the scieen in 
different coloirsl 

Are 5 ^ Mac-only or a mulfi-platform person? 

Im still a mulri-plutf|^ person - Jiiore by need than by 

ch^iffll^- 



Whaf attracts you to working on the Mac? 

']ii)#main reason 1 Like developing for Mac is tliat people 
appredi^ hcautilcii sofm^are. On XXdndows, anytliing goes and 
there's a loh-^low quality software around. In additicm, there 
seems to lie a ve?^st(x>ng and supporlive communit)^ for small 
companies and indie devetej^?r*tc launching Alfred, weVe 
had tons of emails, Uveets and message.s of suppoit from total 
strangers. 

What's the coolest thing about the Mac^ 

lire lifespan of a Mac far exceeds that of a PC. My first OS X 
G4 Mac Mini is still being put to daily use as our PPC/Leopard 
testing machine and doesn’t break a sweat. 

’What is the advice you'd give to someone trying to get into this 
line of work today? 



Just get started today. Find an idea Lind u problem to solve, 
then start w\)rking on it. I spent a year reading about OS X 
development and didn't learn a whole lot. Once 1 started 
developing a real idea, i had a first [Product OLil wathiii two 
months and liad learned loads. 

What's the coolest tech thing you've done using OS X? 

Going from an idle conversatirm to a released produd in 
under two montlis of evening w'ork w^hile working a day job, I 
released the first version of Alfred on Feb 28th w hile w^atching the 
hockey Olympics final of the IfS-Ganada game. Before 1 knew it, 
die word had spread on Twitter and we had over 300(1 users in 
aliout 3 days! 

Ever? 

When 1 was knee high to a grtusshopj^ I won aj|^liacl 
Jackson dance competition at a Christmas parent I turned ^tind 
and said ' Mummy, whos Michael Jackson?*' Ah t o be young again! 

Where can we see a sample of your work? 

You'll find Allred at hltp://o!fredapp,com 

For some of Our other work and WorilPress development, 
liave a lOtA at http://pep3media com 

The next way Tm going to impact the Mac universe is: 

My hope is tliat Alfred will become a household name on 
Mac. We still have a long w^ay to go l>ui I liave scjme fantastic 
ideas to make it indispensable. It's also the ilrst of a number of 
pRKliictiviiy-ffJciised Mac apps that we hope to launc:h. 

Anything else we should know? 

Aside fr(.mi developing Alfred, wx" also helj^ other 
enuepreneurs and Mac developers get rlie word out for their own 
products, Usalality. icon design, branding, product marketing and 
c{)mmuniLy liuilding - you ,say the word and weVe tliere! 

Yili 


If you or someone you kaow b^ongs in the MocTedi SpotS^t, kt os know! Send detaSs to e£toriid@mactedi.com 
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Mac shopping made easy. 

Grab that to-do list, and prepare for some one-stop shopping at 
Smalldog.com! 

Bundles simplify the buying process 

Mac bundles (think Mac + RAM + AppleCare + external hard drive, etc.) 
not only include everything you need, but also save you money. 

Visit » Smalldog.com/specials 


Macs from under $500 

We carry all current Macs as well as used, refurbished and closeout 
models, so there is a Mac for any budget. 

'/isit » Smalldog.com/macs 

Free shipping over $200 

It’s true-we provide free, same-day ground shipping on every item over 
$200 every day. 




Tax-free shopping 

Purchases outside of Vermont are 
always shipped tax-free. 


^ 1 Maefook Pro ♦ 
Chill Pill^ mobile speakers 


Small Dog 

Electronics 

Ijotur Qde 


www.smalldog.coin 
800-51MIUCS 
ll Apple Specialist 


Celebrating 15 Years • 3rd Largest Apple Specialist in New England ■ 5-Star Merchant Rating • Same-day shipping 





















NEW! 

EMC® Retrospect® 8 

backup and recovery software for 
small and medium businesses 


2? 

a 


4mc' 


f Retrospect- 

for Macintosh 




The most 
trusted 
name in 
^|wir Mac 
^uo backup 

ttfieiD 


All-new EMC Retrospect 8 for Macintosh provides the reliability, ease of use, power, 
and flexibility you need to protect critical data on Mac and Windows PCs and servers. 
EMC Retrospect includes a state-of-the-art Mac user interface and enterprise-level 
features — including remote management of one or more backup servers, 
disk-to-disk-to-anyfh/ng backups, Xsan su p port a nd custom reporting — at a fraction of 
the cost of other products. 


EMC" 

where information lives*' 


Download a free 45-day trial at www.retrospect.com/wwdc 


